A third-party cybersecurity service provider for government agencies BeyondTrust sent a letter on December 8, 2024, notifying that a “major incident” happened to the Treasury Department data. The CCP (Chinese Communist Party) backed hackers were suspected to be responsible for breaching data in the Treasury Department.
BeyondTrust explained in the letter that the hackers accessed government employee workstations and unclassified documents. But the overall impact of the breach is still under assessment by the FBI and intelligence services CISA.
The method was revealed that hackers sneaked into BeyondTrust's platform to gain access to a digital key and bypass critical security protocols to get the information.
After BeyondTrust discovered the data breach they took measures to address the security incident by simply turn off the platform and notified the limited number of customers who were involved and supported the investigative efforts by the lawmaker.
After putting the service system offline, they guarantee that the hackers no longer have access to Treasury information.
China, again, denied involvement in this incident that is attributed to China-based Advanced Persistent Threat (APT) actor. Previously, the latest cyberattack linked to the Chinese hacker group was on nine U.S. telecommunications companies, but China rejected any responsibility for the hack in both incidents.
“Beijing firmly opposes the U.S.'s smear attacks against China without any factual basis," said a spokesperson for the Chinese Embassy in Washington.
The hack reveals a rising scale of cyber activities from foreign players especially China. Trusting third party software provider for important systems seems not a very good idea.
