The U.S. Department of the Treasury has disclosed a major cybersecurity incident that potentially compromised sensitive government information. In a letter to the Senate Committee on Banking, Housing, and Urban Affairs, Assistant Secretary for Management Aditi Hardikar revealed that a “threat actor” exploited a vulnerability in a third-party software service to gain unauthorized access to Treasury Department workstations.
The incident, attributed to a China state-sponsored Advanced Persistent Threat (APT) actor, involved the compromise of a cloud-based service provided by BeyondTrust. This service, used for remote technical support, became an entry point for the attackers after they obtained a key used by the vendor to secure the platform.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the letter stated.
The Treasury Department is working closely with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community, and third-party forensic investigators to assess the full impact of the breach.
While the compromised BeyondTrust service has been taken offline, and there is currently no evidence of continued access by the threat actor, the incident raises serious concerns about the security of government systems and the ongoing threat of state-sponsored cyberattacks.