A Chinese state-sponsored hacker broke into the US Treasury Department’s systems earlier this month and was able to access employees’ workplaces and some anonymous documents, US officials said Monday.
The Ministry of Finance considered this action as a “major incident” after disclosing it in a letter informing the law makers about the incident.
The US agency said it was working with the FBI and other agencies to investigate the impact of the hack.
A spokesperson for China’s embassy in Washington DC told BBC News that the allegations were part of a “smear attack” and were made “without facts”.
The Treasury Department said in its letter to law enforcement that a China-based actor was able to bypass security with a key used by a third-party service provider. The app provides remote technical support to its employees.
The affected third-party service — called BeyondTrust — has since been taken offline, officials said. There is no evidence that the hacker has continued to gain access to the Treasury Department’s information since, the statement continued.
The department said it was working with the Cybersecurity and Infrastructure Security Agency and third-party law enforcement investigators to determine the full impact.
Officials said initial investigations revealed that the hack appeared to be carried out by a “Chinese Advanced Persistent Threat (APT) actor”.
“In accordance with Treasury Department policy, the APT hack is considered a major cybersecurity incident,” Treasury Department officials said.
The ministry was informed about the beyondTrust robbery on December 8, said a BBC spokesperson. According to the company, the suspicious incident first appeared on December 2, but it took three days for the company to discover that it had been hacked.
The spokesman said the hacker was able to remotely access Treasury users’ workstations and other confidential documents stored by those users.
The department did not specify the nature of these files, nor when and for how long the hack took place. They also did not specify the level of secrecy of the computer systems or the size of the personnel accessed.
Hackers may have been able to create accounts or change passwords in the three days that BeyondTrust was looking at.
Like spy agents, it is believed that the hackers were looking for information, rather than trying to steal money.
A spokesman said the Treasury “takes seriously all threats to our systems, and the data it holds”, and that it will continue to work to protect its data from external threats.
The department’s letter says that a further report on the incident will be given to lawmakers in 30 days.
Chinese embassy spokesperson Liu Pengyu dismissed the department’s report, saying in a statement that it may be difficult to find the origin of the criminals.
“We hope that the relevant parties will have a professional and responsible attitude when reporting cyber incidents, base their conclusions on sufficient evidence instead of baseless speculations and suspicions,” he said.
“The United States must stop using cyber security to slander and slander China, and stop spreading all kinds of disrespect about China’s so-called hacking threats.”
This is the latest high-profile and embarrassing breach in the US blamed on Chinese hackers.
It follows another hack of phone companies in December that may have breached phone recording data in many areas of the American public.
Source link
