
U.S. Treasury Assault Confirmed as FBI Launches Probe

Investigation led by the FBI ensues following alleged cyber attack on the U.S. Treasury, which sources attribute to state-backed hackers linked to the Chinese administration.

The emblem of the American Department of the Treasury.


Update, Jan. 2, 2025: This report, initially published Dec. 31, 2024, has been revised with insights from Dr. Raphael Yahalom, a researcher at MIT Sloan School of Management specialized in emerging strategies for strengthening cybersecurity.

A Dec. 29 letter to the Committee on Banking, Housing, and Urban Affairs from Aditi Hardika, undersecretary for management at the U.S. Department of the Treasury, confirms that hackers affiliated with China infiltrated the department's systems and accessed certain unclassified documents during a Dec. 8 attack. The inquiry, a joint effort between the Department of the Treasury and the FBI, is ongoing.

FBI Investigation Ongoing and Timeline of Treasury Hack

Hardika's letter, released to this reporter, stated that "the Department of the Treasury has acknowledged an incident that occurred on December 8, 2024." The notification came from a third-party software company, BeyondTrust, that serves the Treasury.

"A hacker gained access to the key used by the vendor to secure a cloud-based service used to provide remote support to Treasury staff," Hardika said. "Gaining access to this stolen key, the hacker was able to bypass the service's security, remotely access specific Treasury workstations, and obtain unclassified documents from those users."

The delay between the Treasury becoming aware of the security incident and reporting it to the Committee on Banking, Housing, and Urban Affairs appears to have resulted from the time needed to collect information, which in turn revealed the scale of the attack. The Treasury contacted the Cybersecurity and Infrastructure Security Agency immediately upon learning of the attack; the FBI, the intelligence community, and third-party digital forensic experts were brought in once its magnitude became clear.

"Preliminary findings," Hardika said, "indicate that the incident has been linked to a China-backed sophisticated, persistent threat actor."

Treasury Insufficiently Prepared for Cybersecurity Incidents, MIT Research Affiliate Asserted

Dr. Raphael Yahalom, a researcher at MIT Sloan School of Management, concentrates on employing new scientific methods to evaluate and prioritize cybersecurity risks, measure progress in cybersecurity, and assess its business value. "It appears that the Treasury, much like other businesses and government agencies," Yahalom said, "was underprepared for such scenarios in multiple important aspects."

Those shortcomings, Yahalom clarified via email, included:

  • Overlooking BeyondTrust as a potential critical single point of failure and disregarding a more decentralized strategy for high-impact 'privileged access management' applications.
  • Failing to thoroughly evaluate the likelihood of such a cyber breach at BeyondTrust, or other major third-party providers, by analyzing the strength of their internal end-to-end development and operations processes.
  • Neglecting to adopt more advanced authentication and reset methods involving private keys.
  • Ignoring potential downstream Treasury asset dependencies that a third-party compromise could affect, directly or indirectly, besides unauthorized access to multiple confidential data repositories (additional attack vectors can result in data manipulation and multiple operational disruptions).
  • Forgoing systematic risk analysis and testing to establish suitable levels of resiliency in the face of such cyber breaches of BeyondTrust or other critical third-party partners.

"Generally," Yahalom concluded, "novel cyber risk management frameworks are needed in the industry, enabling more efficient handling of such requirements."

I have reached out to the Treasury for comment.

FBI and CISA Find No Evidence of Continued Access to Treasury Information, China Denies Involvement

A spokesperson for the Chinese Foreign Ministry, Mao Ning, stated that China firmly opposes all cyberattacks and particularly objects to unfounded accusations being spread for political purposes. Ning reiterated Beijing's repeated denials of involvement, calling the accusations groundless.

According to the US Treasury, the impaired service from BeyondTrust has been deactivated, and investigations led by CISA and the FBI have not found any evidence of continued access to Treasury information.

  1. The letter from Aditi Hardika stated that the U.S. Treasury hack was linked to hackers affiliated with China, indicating the potential involvement of a China-backed sophisticated, persistent threat actor.
  2. The ongoing joint investigation by the Department of the Treasury and the FBI is focused on the intrusion into Treasury systems and the access to certain unclassified documents.
  3. The U.S. Treasury acknowledged the incident, which occurred on December 8, 2024, and attributed it to a hacker gaining access to a key used by the vendor, BeyondTrust, to secure a cloud-based remote-support service.
  4. After the compromised BeyondTrust service was deactivated, the FBI and CISA found no evidence of continued access to Treasury information.
  5. MIT researcher Dr. Raphael Yahalom criticized the U.S. Treasury's preparedness for cybersecurity incidents, pointing out several shortcomings, including insufficient evaluation of third-party providers and a lack of more advanced authentication methods.
