U.S. Treasury Department Accuses Chinese-Backed Hackers of Cyber Intrusion
U.S. Treasury Department accuses China-backed hacker of cyber intrusion, which will likely increase tensions between the U.S. and China.
What Happened?
U.S. government officials believe a Chinese-sponsored hacker managed to break through some of the electronic security protocols protecting U.S. Treasury Department computer systems.
A letter from the U.S. Treasury Department yesterday stated that hackers:
‘[Gained] access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users. Based on the available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.’
The vendor in question, BeyondTrust, said it alerted the Treasury Department on December 8th of a possible intrusion and has been working with the FBI and the U.S. Cybersecurity and Infrastructure Agency to determine the scope of the incident.
The Chinese Embassy in Washington D.C. denied that China was involved.
Why it Matters
An advanced persistent threat actor is an individual or group who gains unauthorized access to a computer system while remaining undetected for an extended period of time.
APTs may be sponsored or controlled by nation-states, because they often require significant training and resources to operate.
In an interview with Raphael Satters and AJ Vicens, Tom Hegel of cyber security firm SentinelOne said the incident with the U.S. Treasury Department ‘fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services - a method that has become increasingly prominent in recent years,’ using an acronym for the People's Republic of China.
Treasury Department officials did not specify what information may have been obtained by the hackers, but they did say all the documents involved in the breach were unclassified.
Third-party vendors have been a weak point from a cyber-security perspective for some time, and hackers have become more skilled at spotting and exploiting weaknesses in those groups.
How it Affects You
According to Eric Tucker of the Associated Press:
‘The incident comes as U.S. officials are continuing to grapple with the fallout of a massive Chinese cyberespionage campaign known as Salt Typhoon that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans. A senior White House official said Friday that the number of telecommunications companies confirmed to have been affected by the hack has now risen to nine.’
Treasury officials did say the security breach has been sealed and no further intrusions have been detected.
With the Supreme Court poised to decide whether or not to uphold a ban on Chinese-owned TikTok and President-Elect Trump set to take office in January, this incident is likely to further strain relations between the United States and China.