State-Sponsored Cyberattack on US Treasury Highlights Critical Need for Robust Cybersecurity

According to an article in TechInformed, a state-sponsored cyberattack by Chinese hackers has breached the United States Treasury office that administers economic sanctions against countries and groups of individuals. The article cites reporting from major news outlets, including the Washington Post.

In late December, the Treasury revealed that Chinese hackers had accessed several employee workstations and unclassified documents. A letter stated that the hackers compromised third-party cybersecurity service provider BeyondTrust to steal unclassified documents, which it called a “major incident.”

It said that the hackers gained access to a key used by the vendor to secure a cloud-based service to provide technical support for treasury departmental office end users remotely.

Using the stolen key, the threat actor could override the service’s security and remotely access user workstations.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” said the letter.

The Treasury Department said BeyondTrust alerted it to the breach on December 8. It is working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact of the hack.

The letter added that there was no evidence that the hacker was still in its systems.

The Washington Post has since spoken to anonymous US officials who said the state-sponsored cyberattack compromised the Office of Foreign Assets Control and the Office of Financial Research and targeted US Treasury Secretary Janet Yellen.

According to the report, US officials said that the Chinese government would likely be motivated to determine which Chinese entities the US government is considering designating for financial sanctions.

In response to the report, Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, said that the “irrational” US claim was “without any factual basis” and represented “smear attacks” against Beijing.

The spokesperson added that China “combats all forms of cyber-attacks.”