State-sponsored Chinese hackers breach US Treasury Department, compromising unclassified data. Raid reveals serious flaws in US cybersecurity
A state-sponsored cybercriminal group from China remotely accessed certain workstations used by employees of the U.S. Treasury Department and obtained some unclassified documents. The cybersecurity incident, classified as “significant” by the affected agency, was disclosed in the last few hours in a public letter addressed to members of Congress.
To achieve their goal, according to the report, the attackers compromised the security of an external vendor. The vendor was BeyondTrust, which was responsible for securing a remote technical support system used by US Treasury officials. Specifically, an access key was stolen that allowed the aforementioned hack to be carried out. The report then explains that measures were taken to deal with the problem.
It is not the first Chinese cyberattack against the United States
One of the measures was to disconnect the affected service and another was to launch an investigation with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community, as well as independent forensic investigators. The goal of this last action was to determine the scope of the attack and, very importantly, identify those responsible.
Authorities have attributed the incident to a state-sponsored cybercriminal group from China. Specifically, they are referring to an advanced persistent threat (APT). Threats of this type typically rely on sophisticated techniques and persistent attacks. Certainly, breaching the security of one of the US government departments is no small feat.
The US Treasury Department is the agency that oversees important, and often confidential, data on financial systems around the world. Its functions include analyzing the economies of other countries, such as China, and implementing sanctions. This agency has, in fact, been the instrument for applying sanctions against Chinese companies amid the Russian invasion of Ukraine.
We say that something is happening with the cybersecurity of the largest economic and military power on the planet because this is not the first time in recent years that Chinese cybercriminals have managed to breach its systems. In 2023, around 60,000 State Department emails were leaked. And this year it came to light that a group known as Salt Typhoon infiltrated US telecommunications operators and is believed to have extracted information from President-elect Donald Trump's line.
Very normal these
States both do it to all the others, but some make it public and others don't. I don't see anything new between powers