A Chinese state-sponsored hacker breached U.S. Treasury Department systems earlier this month and gained access to employee workstations and some unclassified documents, U.S. officials said Monday.
The Treasury Department considered the hack a “major incident” after it was revealed via a letter notifying lawmakers of the incident.
The US agency said it is working with the FBI and other agencies to investigate the impact of the hack.
A spokesperson for the Chinese Embassy in Washington, D.C., told BBC News that the accusation was part of a “slanderous attack” and was made “without any factual basis.”
The Treasury Department said in its letter to lawmakers that the China-based actor was able to bypass security via a key used by a third-party service provider. That provider offers remote technical support to the department's employees.
The compromised third-party service — called BeyondTrust — has since been taken offline, officials said. The statement continued that there is no evidence to suggest that the hacker has continued to access Treasury Department information since then.
The department said it is working with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact.
Initial investigations indicate the hack was apparently carried out by “an advanced persistent threat (APT) actor based in China,” officials said.
“Per Treasury policy, hacks attributed to advanced persistent threats are considered a major cybersecurity incident,” Treasury officials said.
The department was notified of the hack on December 8 by BeyondTrust, a department spokesperson told the BBC. According to the company, the suspicious activity was first discovered on December 2, but it took three days for the company to determine that it had been hacked.
The spokesman said the hacker gained remote access to several Treasury Department users’ workstations and some non-confidential documents maintained by those users.
The administration did not specify the nature of these files or when and how long the hack occurred. It also did not specify the level of confidentiality of the computer systems or the seniority of the employees whose materials were accessed.
The hackers may have been able to create accounts or change passwords during the three days they were being monitored by BeyondTrust.
The hackers are believed to be espionage agents who were searching for information rather than trying to steal money.
The spokesperson said that Treasury “takes seriously all threats against our systems and the data they hold,” and that it will continue to work to protect its data from external threats.
The department’s letter states that a supplemental report on the incident will be submitted to lawmakers within 30 days.
Chinese Embassy spokesman Liu Bingyu denied the department's report, saying in a statement that it may be difficult to trace the origin of the hackers.
He added, “We hope that the parties concerned will adopt a professional and responsible stance when describing cyber incidents, and base their conclusions on sufficient evidence instead of speculation and baseless accusations.”
“The United States needs to stop using cybersecurity to smear and discredit China, and stop spreading all kinds of disinformation about so-called Chinese hacking threats.”
This is the latest embarrassing high-profile US hack blamed on Chinese spy hackers.
This comes on the heels of another telecom hack last December, which likely led to phone history data being compromised across large swaths of American society.