US Treasury says it was hacked by China in ‘major incident’
A Chinese state-sponsored hacker broke into the systems of the US Treasury Department, accessing employee workstations and other confidential documents, US officials said Monday.
The incident happened at the beginning of December and was revealed in a letter from the Treasury Department informing lawmakers of the breach.
The US agency described the breach as a “major incident”, and said it was working with the FBI and other agencies to investigate the impact.
A spokesperson for the Chinese embassy in Washington, DC told BBC News that the accusations were part of a “smear attack” and were made “without facts”.
The Treasury Department said in a letter to lawmakers that the China-based actor was able to bypass security with a key used by a third-party service provider that provides remote technical assistance to its employees.
The affected third-party service, called BeyondTrust, has since been taken offline, officials said. They added that there is no evidence that the hacker has continued to obtain information from the Treasury Department since that time.
Along with the FBI, the Department has been working with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact of the breach.
Based on the evidence they have gathered so far, officials say the hack appears to have been carried out by a “Chinese Advanced Persistent Threat (APT) actor.”
“In accordance with Treasury Department policy, the APT intrusion is considered a major cybersecurity incident,” Treasury officials wrote in their letter to lawmakers.
The Department was notified of the BeyondTrust hack on December 8, said a BBC spokesperson. According to the company, the suspicious incident first appeared on December 2, but it took the company three days to discover that it had been hacked.
The spokesman added that the hacker was able to remotely access the workstations of Treasury users and some unspecified documents stored by those users.
The Department did not specify the nature of these files, or when and for how long they were accessed. It also did not specify the level of confidentiality of the computer systems. For example, access to the computers of 100 low-level employees would be less useful than access to only 10 computers in a high-level department.
Hackers may have been able to create accounts or change passwords in the three days that BeyondTrust was investigating.
As espionage agents, the hackers are believed to have been looking for information rather than trying to steal money.
A spokesperson said the Treasury Department “takes seriously all threats to our systems, and the data it holds,” and that it will continue to work to protect its data from external threats.
The Department’s letter says that a further report on the incident will be given to lawmakers in 30 days.
Chinese Embassy spokesperson Liu Pengyu dismissed the department’s report, saying in a statement that it may be difficult to find the origin of the criminals.
“We hope that the relevant parties will have a professional and responsible attitude when reporting cyber incidents, base their conclusions on sufficient evidence instead of baseless speculations and suspicions,” he said.
“The United States must stop using cyber security to slander and slander China, and stop spreading all kinds of disrespect about China’s so-called hacking threats.”
This is the latest high-profile and embarrassing breach in the US blamed on Chinese hackers.
It follows another hack of phone companies in December that may have exposed phone record data across large parts of the American public.