Chinese hackers behind "major incident" at US Treasury, documents stolen

The hackers circumvented a third-party cybersecurity service, according to Treasury officials

By Kelly McClure

Senior Editor for Culture

Published December 30, 2024 6:58PM (EST)

U.S. Treasury building (John Greim/LightRocket via Getty Images)

According to a letter to lawmakers that Treasury officials made public on Monday, Chinese state-sponsored hackers breached the U.S. Treasury Department's computer security earlier this month and gained access to documents in what the department is calling a "major incident."

According to Reuters, which cited the Treasury letter, the hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users."

The Treasury Department first learned of the breach on December 8 and is "working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack's impact," according to the letter.

"This incident fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services — a method that has become increasingly prominent in recent years," Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said to Reuters. 

According to a Treasury spokesperson, “There is no evidence indicating the threat actor has continued access to Treasury systems or information."

Treasury officials plan to hold a classified briefing about the breach next week with staffers from the House Financial Services Committee.
