Chinese state-sponsored hackers have breached several US Treasury Department workstations and accessed unclassified documents by exploiting a vulnerability in a third-party software service, the department announced. Officials are investigating the breach as a major cybersecurity incident.
Hackers Exploit Vendor Security Flaw to Breach US Treasury Systems
The hackers infiltrated the Treasury's systems through a security key stolen from BeyondTrust, a third-party vendor providing technical support.
This key allowed the attackers to bypass security protocols, remotely access employee workstations, and obtain unclassified documents. Treasury officials were alerted to the breach on December 8, prompting the compromised service to be taken offline.
Although the department reports no evidence of ongoing unauthorized access, the incident underscores vulnerabilities in critical government systems.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are collaborating with the Treasury to assess the full impact of the attack, USA Today said.
China's government has strongly denied involvement, stating its opposition to all forms of hacking. Beijing's foreign ministry dismissed the allegations as baseless and politically motivated, while a Chinese Embassy spokesperson accused the US of spreading disinformation to tarnish China's reputation.
Salt Typhoon Tactics: Chinese Hackers Exploit Trusted Services in Treasury Attack
According to CBS News, the Treasury breach aligns with a broader pattern of Chinese cyberespionage targeting US infrastructure. Recently, a campaign dubbed "Salt Typhoon" allowed Chinese operatives to access private communications of numerous Americans.
Security experts note that incidents involving trusted third-party services have become a hallmark of Chinese-linked hacking efforts.
Tom Hegel, a cybersecurity researcher, emphasized that such attacks exploit trusted services to penetrate high-value targets, increasing the challenge of safeguarding sensitive data.
Treasury officials highlighted steps taken to improve cybersecurity in recent years, including bolstering defenses against increasingly sophisticated threats. A Treasury spokesperson reiterated the department's commitment to protecting the financial system from cyber threats.
The breach has reignited concerns about the security of government systems and the risks posed by relying on external vendors. Experts urge a reevaluation of cybersecurity protocols to mitigate future threats.
This incident serves as a stark reminder of the evolving nature of cyberattacks and the need for robust preventive measures to protect national interests.
