Chinese cyberattack targets US Treasury: Workstations compromised, documents accessed

In a letter reviewed by CNN, a US Treasury official revealed that a Chinese state-sponsored Advanced Persistent Threat (APT) actor used a stolen key to remotely access certain Treasury workstations and unclassified documents, as informed by a third-party software service provider on December 8.

"Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor," Aditi Hardikar, assistant secretary for management at the US Treasury, wrote in the letter.

A US Treasury spokesperson told CNN that the compromised service has been taken offline and steps are being taken in coordination with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA). "There is no evidence indicating the threat actor has continued access to Treasury systems or information," the Treasury spokesperson said.

According to CNN, Treasury officials are likely to hold a classified briefing next week with the House Financial Services Committee to analyze the breach. However, the exact timing of the briefing is yet to be decided, a senior committee staffer informed CNN.

The third-party software service provider, BeyondTrust, stated that hackers gained access to a key used by the vendor to secure a cloud-based service that the Treasury Department uses for technical support, according to the letter addressed to Senate Banking Committee leadership.

"With access to the stolen key, the threat actor was able to override the service's security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users," the Treasury letter said.

Hardikar noted in the letter that intrusions attributed to advanced persistent threat actors are considered a "major cybersecurity incident."

The full extent of the damage caused by the breach has not yet been determined, CNN reported.

Hardikar further wrote that to "fully characterise the incident and determine its overall impact," Treasury has been working with CISA, the FBI, US intelligence agencies, and third-party forensic investigators.

"CISA was engaged immediately upon Treasury's knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident," the letter added. (ANI)