The US Treasury Department recently suffered a significant security breach after a Chinese state-sponsored hacker compromised the third-party remote management software the department uses, as first reported by The New York Times.
Details of the Security Incident
According to a letter obtained by The Verge, the Treasury Department disclosed that BeyondTrust, the provider of their remote management software, informed them of a breach on December 8th.
Impact of the Breach
The hacker obtained a key that BeyondTrust used to secure a cloud-based service for providing technical support to Treasury Departmental Offices (DO) end users. With that key, the attacker was able to gain unauthorized access to user workstations and to certain unclassified documents.
Response and Resolution
After the incident, the Treasury Department worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, and attributed the breach to a Chinese state-sponsored Advanced Persistent Threat (APT) actor. The compromised service has been taken offline, and there is no indication that the attacker still has access to Treasury systems.
Connection to Previous Incidents
This attack appears to be related to an earlier breach that BeyondTrust disclosed, which affected customers of its remote support software. BeyondTrust addressed that issue by revoking the compromised API key and notifying the affected customers.
Statement from Treasury Department
Michael Gwin, a spokesperson for the US Treasury Department, emphasized the seriousness of such threats and pointed to the department's ongoing work with public- and private-sector partners to strengthen its cybersecurity.
Conclusion
The recent breach at the US Treasury Department underscores the persistent threat posed by state-sponsored actors, and in particular the risk that a compromised third-party vendor service can expose the systems it is trusted to manage. It also highlights the importance of robust cybersecurity measures to safeguard sensitive information and critical systems.
FAQs
Q: What was the cause of the security breach at the US Treasury Department?
A: The breach was caused by a Chinese state-sponsored hacker compromising the third-party remote management software used by the Treasury Department.
Q: How did BeyondTrust respond to the security incident?
A: BeyondTrust revoked the compromised API key and notified affected customers, acting promptly to limit the impact of the breach.
Q: What measures has the US Treasury Department taken to prevent future security breaches?
A: The Treasury Department has enhanced its cyber defense capabilities over the past four years and continues to collaborate with various partners to protect its systems from potential threat actors.
Credit: www.theverge.com