The USA says that Chinese state-sponsored hackers (Advanced Persistent Threat) have breached the U.S. Treasury Department’s computer security guardrails and stolen documents.
The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents.
China denies this and has called it a baseless smear attack.
Third-party-software BeyondTrust confirmed the hacking, saying that hackers managed to steal an encrypted key that provides access to the respective software, allowing them to bypass security systems and remotely access various computers.
Hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The Treasury Department says it has been working with CISA and the FBI to estimate and mitigate impact since the 8th of December.
Details haven’t been made public, but it’s been called “a major incident”.
Forget Silent Night. Romanian carol singers praise Putin in Christmas performance
