Washington DC [US]: A Chinese state-sponsored Advanced Persistent Threat (APT) actor has been linked to a cyberattack on the US Treasury Department, resulting in unauthorized access to Treasury workstations and unclassified documents. The incident, described as a “major cybersecurity incident,” was disclosed to Congress on Monday, as reported by CNN.
In a letter obtained by CNN, Aditi Hardikar, Assistant Secretary for Management at the US Treasury, said the breach was carried out with a stolen key that let the attackers override the security controls of a cloud-based service. That service is used by the Treasury Department to receive remote technical support; with the key in hand, the attackers were able to remotely access certain Treasury workstations and the unclassified documents held on them.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Hardikar stated in the letter.
The breach was initially identified by the third-party software provider BeyondTrust, which provides the cloud service used by the Treasury. The company reported that the attackers had obtained a key used to secure that service, and that this key was what enabled the unauthorized activity.
Response and Investigation
The compromised service has since been taken offline, and the US Treasury is working with law enforcement agencies, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic investigators to assess the damage.
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury spokesperson told CNN.
Treasury officials are coordinating a classified briefing with the House Financial Services Committee to review the breach and its implications. While the exact timing remains undecided, the session is expected to provide an in-depth analysis of the incident.
Hardikar emphasized that efforts are ongoing to fully assess the breach’s extent and potential impact. The Treasury is collaborating with CISA, the FBI, US intelligence agencies, and forensic experts to “characterize the incident and determine its overall impact.”
Significance and Concerns
This breach underscores the growing threat posed by state-sponsored cyber actors, particularly those with the resources and patience to infiltrate critical systems through well-planned campaigns. Intrusions attributed to APT actors are treated as highly serious because of the capabilities such groups bring to bear and the potential implications for national security.
As investigations continue, the incident raises broader concerns about the risk that a compromise at a third-party service provider can become a route into the government systems it supports, and about the need for stronger controls around such vendor access to sensitive government systems.