2 days Ago
The US Treasury Department has confirmed that documents have been stolen and systems have been breached in a cyber attack that it has dubbed a ‘major incident’. The compromise occurred through a third party cybersecurity service provider, BeyondTrust, which allowed remote access to key systems. Through this system, hackers were able to gain access used by the vendor to override parts of the Treasury Department’s systems, the agency confirmed in a disclosure letter to Congress.
The third-party system, which ordinarily offers remote technical support to employees, has since been taken offline. Initial assessments by the agency suggest the attack was carried out by ‘a China-based Advanced Persistent Threat Actor’, officials said. China has called the accusation ‘baseless’, and said it "consistently opposes all forms of hacking".
A short-lived breach Suspicious activity was first spotted on December 2, and the Treasury was made aware of the hack on December 8 by BeyondTrust, although it took the company three days to determine that it had been breached. It’s not clear what type of files were taken, or what these files relate to, but more details are expected to be revealed in the Treasury’s 30-day supplemental report. This attack follows a huge telecoms breach which and compromised millions of individuals.
The telecoms breach, attributed to Chinese state-sponsored group, Salt Typhoon, resulted in a vow of retribution from President-elect Trump, and China also denied wrongdoing relating to this hack. "The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats," said embassy spokesman for the Chinese embassy in Washington DC, Liu Pengyu. Via.
