U.S. Treasury Cyberattack: A Deep Dive into the December Breach
Earlier this December, the U.S. Treasury faced a significant cybersecurity breach attributed to hackers backed by the Chinese government. This incident was detailed in a letter shared with senior U.S. House lawmakers, and TechCrunch has had the opportunity to review it.
- Hackers gained remote access to certain Treasury employee workstations.
- Unclassified documents were accessed during this “major cybersecurity incident”.
The notification of this breach came on December 8 from BeyondTrust, a company specializing in identity access and remote support technology for large organizations and government entities. BeyondTrust revealed that hackers had compromised a key used by the vendor for providing remote technical support to Treasury employees. However, the details of how this key was obtained remain undisclosed, as a spokesperson for BeyondTrust did not comment at press time.
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense.”
Treasury spokesperson Michael Gwin
As of December 30, with the assistance of U.S. cybersecurity agency CISA, there’s no evidence suggesting that the threat actor maintains ongoing access to Treasury information. The attribution of the breach points towards a state-sponsored group from China, though specifics about which group remain unclear.
This event is part of a broader pattern of cyberattacks linked to China targeting the U.S. government in recent months. Notably, groups like Salt Typhoon have aimed at telecommunications giants such as AT&T and Verizon to intercept private communications of senior U.S. officials.
While these incidents raise significant concerns regarding cybersecurity and international relations, they also emphasize the importance of robust cyber defenses. If you have additional information about the BeyondTrust breach or the incident at the Treasury, you can connect securely via Signal and WhatsApp at +1 646-755-8849 or send files through SecureDrop.