Chinese State-Sponsored Hackers Breach U.S. Treasury Department In A Major Cyber-attack

By TechDogs Bureau

TD NewsDesk

Updated on Tue, Dec 31, 2024

Earlier this year, the cybercrime group Salt Typhoon went after U.S. telecom companies. The cyber-attacks got so out of hand that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) had to step in and release an advisory for telecom enterprises using Cisco’s gear.

As of today, the hackers have targeted nine US-based telecom businesses, including AT&T, Lumen and Verizon. This was followed by ransomware attacks on the healthcare firm Ascension revealing the data of 5.6 million patients, while the data of 1 million ConnectOnCall patients was exposed earlier this year.

Naturally, these repeated incidents highlight a broader pattern of sophisticated, persistent cyber threats aimed at the U.S. infrastructure. In another blow, the U.S. Treasury Department was the latest to be breached in a series of cyber-attack campaigns linked to Chinese state-sponsored groups.

The U.S. Treasury Department breach has caused major security worries as hackers tapped into users’ workstations and viewed unclassified documents. So, what’s the motive behind this spate of recent cyber threats?

Let’s explore!
 

What Happened In The US Treasury Hack?


BeyondTrust, a third-party software business that makes technology for identity access and remote access, reported a security breach to the Treasury Department on December 8th. It said that Chinese hackers had accessed an encryption key that BeyondTrust uses to protect its cloud-based services and provide remote access support.

This key gave the hackers access to user computers in the Treasury Departmental Offices (DO), although the breach gave access only to unclassified documents, not to any sensitive data.

The Treasury Department promptly asked the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to step in, assess the situation and mitigate the cyber threat. The U.S. cybersecurity agency CISA later said that there was “no evidence indicating the threat actor has continued access to Treasury information.”

However, CISA said in a letter that the cyber-attack could be attributed to a state-sponsored advanced persistent threat group backed by the Chinese government. So, how has the US responded to the incident?
 

What Steps Has The Treasury Department Taken?


Upon discovery, the Treasury disabled the compromised BeyondTrust service to prevent further breaches. Michael Gwin, a spokesman for the Treasury Department, said, “Treasury takes very seriously all threats against our systems and the data it holds.”

Stressing its aim to improve its cybersecurity posture, the department has involved federal agencies, including CISA and the FBI, to investigate and determine the extent of the breach. The investigation will also focus on identifying those behind the attacks.

Although none of the agencies has named the group behind the attacks, the breach bears a resemblance to methods used by Chinese cyberspies. Moreover, the hack comes weeks after China’s Salt Typhoon group targeted U.S. telecom firms, including AT&T and Verizon. The hackers got access to private communications of senior U.S. government officials, including presidential candidates.

Yet, an official from the Chinese Embassy in Washington, D.C., Liu Pengyu, denied the claims and said that Beijing “firmly opposes the U.S.'s smear attacks against China without any factual basis.”

So, what does the latest attack on the US infrastructure mean?
 

Conclusion


While the implications of the breach are being ascertained, the Department of Treasury is the latest victim of a wide cyberespionage campaign linked to China. The cybercrime group Salt Typhoon has already gone after nine U.S. telecom firms in 2024 and is now targeting government agencies.

The latest breach only shows how critical it is for government agencies to have strong cybersecurity measures for third-party entities. Tom Hegel, a threat researcher at SentinelOne, said, "This reflects a growing trend of exploiting trusted third-party services to infiltrate target networks."

Do you think the Treasury's reaction is enough to prevent such an attack from happening again? Can the United States government take action against Chinese state actors?


First published on Tue, Dec 31, 2024
