BeyondTrust: Treasury Department Investigates Cyber-Espionage After Hackers Reach Employee Workstations
The US Treasury Department has disclosed a recent hack that allowed hackers to access some of its computers.
The disclosure says that Treasury has been working with a wide range of stakeholders to evaluate the situation. WIRED asked the FBI and Treasury for more information about the breach, but neither responded; the questions were forwarded to the Treasury Department. BeyondTrust was not immediately available for comment on the situation.
The revelation comes as U.S. officials continue to grapple with the fallout of a massive Chinese cyberespionage campaign known as Salt Typhoon, which gave officials in Beijing access to the private texts and phone conversations of an unknown number of Americans. The number of companies affected has risen to 9, according to the top White House official.
The Treasury Department said it learned of the problem on Dec. 8, when a third-party software service provider, BeyondTrust, flagged that hackers had stolen a key “used by the vendor to secure a cloud-based service used to remotely provide technical support” to workers. With that key, the hackers were able to gain access to several employee workstations.
The compromised service has since been taken offline, and there’s no evidence that the hackers still have access to department information, Aditi Hardikar, an assistant Treasury secretary, said in the letter Monday to leaders of the Senate Banking Committee.
The department said it was investigating the impact of the hack, which has been blamed on Chinese state-sponsored actors, but it did not say what that impact was.
The BeyondTrust alert mentioned two command injection vulnerabilities, one critical and one of medium severity. The CVE for the critical one was added to the “known exploited vulnerabilities catalog” on December 19. Command injection vulnerabilities are common application flaws in which untrusted input reaches a system command; they are often easy to exploit and can give an attacker access to a target’s systems.