According to a letter to Congress, cyber vendor BeyondTrust was breached by Beijing-backed attackers who gained access to US Department of the Treasury workstations and stole sensitive material.
How Did The Incident Took Place
Earlier this month, Chinese state-backed threat actors were able to breach the US Department of the Treasury’s computers and take data from workstations, the department informed Congress on Dec. 30.
According to what the researchers described Attackers initially targeted BeyondTrust, a Treasury vendor. stole BeyondTrust’s cloud platform key for remote tech support. On Treasury computers that had the platform installed, attackers exploited it as a backdoor. An example of this would be if a hacker broke into the office of your plumber and took the master keys to the buildings they serviced.
According to a Wednesday Washington Post article, the attackers targeted the Treasury Department’s Office of Financial Research, the Office of the Treasury Secretary Janet Yellen, and the Office of Foreign Assets Control, or OFAC, which is the government agency in charge of imposing fines.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
Using a stolen API key to its cloud-based tech assistance platform, hackers reportedly connected to the People’s Republic of China (PRC) got into employee workstations and took data from desktop and laptop computers.
According to a statement posted on its website, BeyondTrust patched the medium-risk vulnerability and immediately denied access to the API key upon learning of the event.
According to a statement posted on its website, BeyondTrust patched the medium-risk vulnerability and immediately denied access to the API key upon learning of the event.
“baseless accusations lacking evidence”.
“China consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes.”
China’s Foreign Ministry Spokesperson Mao Ning refuted the US assertions.
In a letter to Treasury Secretary Janet Yellen on Tuesday, leading members of the House and Senate requested that she tell important committees on a significant Chinese cyber attack into the agency’s sensitive networks.
Former NSA cyber analyst Evan Dornbush responded to the incident with a statement, saying it also demonstrates that cybersecurity vendors continue to be a favourite target of skilled state threat actors.
