US claims Chinese hackers breached Treasury; Beijing denies allegations

US Treasury © Sealy j, CC BY-SA 4.0

The US Treasury Department has disclosed that it was hit by a cyberattack earlier this month, attributing the breach to Chinese state-sponsored hackers. 

Hackers accessed employee workstations and stole unclassified documents, the Treasury has said, calling the breach a ‘major cybersecurity incident.’

How did it happen?

According to a letter sent to US lawmakers, the hackers exploited vulnerabilities in a third-party cybersecurity service provider, BeyondTrust, to override security measures. 

This breach enabled them to gain remote access to certain Treasury Departmental Office (DO) systems, compromising documents that, while unclassified, could potentially contain sensitive information. 

The Treasury Department was alerted to this breach on December 8 by BeyondTrust, after which it engaged with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other forensic investigators to evaluate the impact of the incident.

The US government’s accusation comes at a time when cyber-espionage activities between the US and China have intensified, with previous incidents involving alleged Chinese cyber operations targeting US telecommunications and political figures. This latest breach adds to a series of events that have strained US-China relations in the cybersecurity domain.

China denies allegations

China’s response has been swift and categorical. 

The Chinese Foreign Ministry, through spokesperson Mao Ning, denied the allegations, calling them groundless and accusing the US of using cybersecurity issues to smear China’s reputation.

Beijing asserted its opposition to all forms of cyberattacks and criticized the US for what it described as a lack of evidence in its accusations. Chinese Embassy spokesman Liu Pengyu further emphasized the need for a responsible and evidence-based approach to characterizing cyber incidents.

What do experts think?

Analysts like Tom Hegel from SentinelOne have noted that this incident aligns with patterns observed with PRC-linked groups, focusing on exploiting trusted third-party services. 

This method has been on the rise in recent years, emphasizing the need for robust cybersecurity measures in governmental and critical infrastructure sectors.

This cyber breach comes amidst ongoing diplomatic efforts to manage US-China relations, with both nations navigating a complex landscape of trade, technology, and security issues. The US assertion of Chinese involvement in this cyberattack could lead to further sanctions or diplomatic repercussions, echoing previous responses to cyber espionage activities attributed to China.