The attackers exploited vulnerabilities in a third-party service provider to gain access to documents.
The US Department of Treasury revealed in a letter sent on 30 December 2024 that it suffered a “major” cybersecurity incident at the hands of a Chinese state-sponsored threat actor.
Yesterday (1 January), the Washington Post revealed that the cyberattack, in addition to targeting the treasury department, also affected the Office of Foreign Assets Control, which government officials said reflected Beijing’s determination to acquire intelligence on the US, one of China’s major economic and political rivals. However, China has denied any involvement in the attack.
Moreover, the Chinese government could also be interested in determining entities that the US government might be considering for financial sanctions, the publication reports – a conflict that has ramped up in recent months with the US placing its third clampdown on the Chinese semiconductor industry in three years in a bid to impair the country’s semiconductor production capabilities.
The treasury department was notified by the third-party software service provider BeyondTrust on 8 December last month that a threat actor had gained access to a “key” used by the vendor to secure services that provide remote tech support to department users. Using the stolen key, the threat actor was able to access unclassified documents maintained by those users, the 30 December letter sent to lawmakers revealed.
According to the letter, the incident was attributed to a China state-sponsored advanced persistent threat actor, but government officials said that lax cybersecurity employed by third-party vendors led to the cyber incident.
However, Liu Pengyu, the Chinese Embassy’s spokesperson in Washington, called the claim “irrational” and “without any factual basis”, representing “smear attacks” against Beijing, while the Chinese Foreign Ministry called the claims “groundless” and said that Beijing “has always opposed all forms of hacker attacks.”
On 18 December, service provider BeyondTrust identified a “medium-severity vulnerability” within its remote support and access products, which it has since patched, it said.
Earlier last month, Salt Typhoon, a well-known Chinese hacking group, breached at least eight US telecommunications providers with the intention of spying on US political figures, while a botnet attack by Flax Typhoon, another Chinese “state-sponsored” hacking group, was foiled by the US government earlier this year.