How Chinese hackers infiltrated US Treasury systems and stole documents
What's the story
In a major security breach, the US Treasury Department's computer systems were compromised by Chinese state-sponsored hackers earlier this month.
The attackers managed to steal documents in what has been described as a "major incident," Reuters reported.
The intrusion was carried out through BeyondTrust, a third-party cybersecurity provider employed by the department.
Security breach
Hackers bypassed security measures via compromised digital key
The hackers accessed a critical security key from BeyondTrust, allowing them to bypass protections on a cloud-based service. The service is utilized by the Treasury Department for technical support.
The breach gave the attackers access to specific user workstations and unclassified documents.
Georgia-based BeyondTrust confirmed on its website that a "digital key had been compromised," affecting a small number of its clients.
Ongoing investigation
US Treasury Department collaborates with FBI, CISA
BeyondTrust alerted the Treasury Department about the breach on December 8.
The department is now working with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to determine the full scope of this incident.
A representative for the Chinese Embassy in Washington has denied any involvement in the cyberattack.
The embassy told Reuters, "Beijing firmly opposes the US's smear attacks against China without any factual basis."
Expert analysis
Cybersecurity expert links attack to Chinese hacking patterns
Cybersecurity specialist Tom Hegel from SentinelOne has tied the attack to a "well-documented pattern" seen in Chinese hacking campaigns.
He told Reuters, "These groups often target trusted third-party services, and this method has become more common in recent years."
The incident highlights the growing risks of relying on third-party vendors for critical security services.