
A China-linked cyber threat group hacked the US Treasury Department.


A Chinese state-sponsored cyberattack compromised the U.S. Treasury: the attackers gained access to classified documents through a compromise at the department's third-party cybersecurity provider, BeyondTrust. The breach, which was disclosed on December 31, underscores the growing sophistication of state-backed cyber espionage efforts.

“Treasury takes all threats against our systems and the data it holds very seriously,” a department spokesman said in a statement. “Over the past four years, Treasury has significantly strengthened its cyber defenses, and we will continue to work closely with both private and public sector partners to protect our financial system from malicious elements.”

Threat actors stole the key to BeyondTrust

BeyondTrust reported the breach to the Treasury Department on December 8. Treasury, in turn, reported the attack to the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.

Chinese government officials told reporters that the nation was not responsible for the breach. A spokesman for the Chinese embassy in Washington told Reuters that the attribution of nation-state-sponsored threat actors from China was a “baseless attack against China”.

The breach occurred when “a threat actor compromised a vendor used to secure a cloud-based service used to provide remote technical support for Treasury Departmental Offices (DO) end users” and “had access to the key,” according to a letter from Treasury officials obtained by Reuters.

What types of documents were exploited?

According to the BBC, the targeted documents include:

  • Information about President-elect Donald Trump and Vice President-elect J.D. Vance.
  • Data on Vice President Kamala Harris’ 2024 presidential campaign.
  • Database of phone numbers subject to monitoring by law enforcement agencies.

It is not known whether this information was specifically targeted or was simply among the data that was accessible.

Since the attack, Treasury has worked with third-party security experts, the intelligence community, the FBI, and CISA to investigate. Treasury classified the threat actor as an advanced persistent threat, which NIST describes as a “sophisticated” adversary that uses multiple tactics to persistently gain access to its target.

BeyondTrust took the affected service offline, according to the Treasury letter. Taking the service offline cut off the threat actor's access to the department's information.

As The Washington Post highlighted, the Treasury plays a key role in economic sanctions, which President-elect Trump could use against Chinese goods.

“The increase in Chinese cyberattacks on US infrastructure reflects broader strategic priorities, including countering US influence, gaining technological dominance and preparing for potential geopolitical confrontations,” said James Turgal, VP of Global Cyber Risk and Board Relations at Optiv and former FBI Assistant Director of Information and Technology, in an email to TechRepublic.

See: In early December, the US imposed sanctions on Chinese cybersecurity firm Sichuan Silence over its alleged involvement in ransomware attacks.

Salt Typhoon hits US infrastructure in 2024

The Treasury breach was part of a series of attacks on US government institutions and infrastructure in 2024. Many of these incidents have been traced to China-sponsored threat actors, including Salt Typhoon.

Active since 2020, Salt Typhoon is known for cyber espionage operations that have targeted critical infrastructure sectors globally. The group has targeted at least eight US telecommunications companies, including AT&T and Verizon, as well as Cisco and defense contractors.

“This attack underscores the urgent need for a robust cybersecurity framework to protect against the growing threats targeting the telecommunications sector,” the FCC wrote in early December.

What does this mean for cybersecurity professionals?

In December, the US government issued security guidance for telecommunications companies, aimed at disrupting the methods Chinese state-affiliated actors use to break into domestic organizations. The guidance recommended that companies use comprehensive alerting mechanisms, leverage network flow monitoring solutions, limit exposure of management traffic to the Internet, and harden various aspects of systems and devices. Certain Cisco devices may call for additional precautions.
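Two of the recommendations above, flow monitoring and keeping management traffic off the Internet, can be checked against each other: if management-plane traffic is only ever supposed to arrive from an internal management network, every flow record that contradicts that is an alert. The script below is an added illustration of that check and is not code from the article or from the government guidance. The record format, the device addresses, the allowlisted source networks and the management port list are constructed assumptions for the example; a real deployment would feed it NetFlow/IPFIX exports and its own inventory.

```python
"""Flag management-plane traffic that reaches network devices from outside the
allowlisted management networks, using flow records of the kind a NetFlow or
IPFIX collector exports.

Constructed example: the record format, device addresses and allowlist are
assumptions for illustration, not from any real deployment.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv6Address
from typing import Iterable

# Ports commonly used to administer network devices (constructed list).
MGMT_PORTS = {22: "ssh", 23: "telnet", 161: "snmp", 443: "https-mgmt", 830: "netconf"}

# Device management interfaces (assumed addresses).
MGMT_INTERFACES = {ipaddress.ip_address(a) for a in ("10.0.0.1", "10.0.0.2")}

# Networks allowed to reach those interfaces (assumed): the internal
# management range and a jump-host subnet.
ALLOWED_MGMT_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.50.0/24")]


@dataclass(frozen=True)
class Flow:
    ts: str
    src: IPv4Address | IPv6Address
    dst: IPv4Address | IPv6Address
    proto: str
    dport: int
    nbytes: int


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated records: ts src dst proto dport bytes.
    Blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                          proto.lower(), int(dport), int(nbytes)))
    return flows


def is_allowed_source(addr: IPv4Address | IPv6Address) -> bool:
    """True if the source sits inside one of the allowlisted management networks."""
    return any(addr in net for net in ALLOWED_MGMT_SOURCES)


def exposed_management_flows(flows: Iterable[Flow]) -> list[dict]:
    """One alert per flow that reaches a management interface on a management
    port from a source outside the allowlist. Non-management ports are ignored
    so that ordinary service traffic to the same device does not alert."""
    alerts = []
    for f in flows:
        if f.dst in MGMT_INTERFACES and f.dport in MGMT_PORTS and not is_allowed_source(f.src):
            alerts.append({"ts": f.ts, "src": str(f.src), "dst": str(f.dst),
                           "service": MGMT_PORTS[f.dport], "bytes": f.nbytes})
    return alerts


def summarize_by_source(alerts: Iterable[dict]) -> dict[str, int]:
    """Count alerts per offending source address, the view an analyst triages first."""
    counts: dict[str, int] = {}
    for a in alerts:
        counts[a["src"]] = counts.get(a["src"], 0) + 1
    return counts


# Constructed flow records; 198.51.100.0/24 and 203.0.113.0/24 are documentation
# ranges standing in for arbitrary Internet sources.
SAMPLE_FLOWS = """\
# ts                  src             dst        proto dport bytes
2024-12-08T01:12:03Z  192.168.50.14   10.0.0.1   tcp   22    4120
2024-12-08T01:13:10Z  198.51.100.23   10.0.0.1   tcp   22    9800
2024-12-08T01:13:11Z  198.51.100.23   10.0.0.2   tcp   830   2210
2024-12-08T01:14:02Z  203.0.113.77    10.0.0.2   udp   161   640
2024-12-08T01:15:40Z  203.0.113.77    10.0.0.2   tcp   8443  1200
2024-12-08T01:16:00Z  10.20.30.40     10.0.0.1   tcp   443   3300
"""

if __name__ == "__main__":
    found = exposed_management_flows(parse_flows(SAMPLE_FLOWS))
    for a in found:
        print(f"{a['ts']} {a['src']} -> {a['dst']} {a['service']} bytes={a['bytes']}")
    print(summarize_by_source(found))
```

Run against the constructed records, the check raises three alerts (SSH and NETCONF from one outside source, SNMP from another) and stays quiet for the jump-host SSH session, the internal HTTPS session, and the outside connection to a non-management port. The allowlist is the control the guidance asks for; the flow check is the evidence that the control holds, and a sudden first alert for a device that never alerted before is the kind of signal the recommended alerting mechanism should carry.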
