US Treasury says Chinese hackers stole documents in ‘major incident’
According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.
The Treasury Department said it was alerted to the breach by Beyond Trust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack’s impact.
Treasury officials didn’t immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department.
