Letter: the US Treasury says China-backed hackers gained access to some Treasury workstations and unclassified docs; a vendor notified it of the hack on Dec. 8
FBI Investigation Underway, China Suspected
Huileng Tan / Business Insider : The US Treasury says some computers were breached by China-backed hackers
United States Department of the Treasury : Dear Chairman Brown and Ranking Member Scott:
Travis Maurer / WAGA-TV : Johns Creek company at center of U.S. Treasury hack probe
Ermes Adriano / Bitcoin Insider : Allegedly Chinese Hackers Breached US Treasury Department
ABC : US Treasury says Chinese hackers led a ‘major cybersecurity’ breach
Lily Hay Newman / Wired : US Treasury Department Admits It Got Hacked by China
Pierluigi Paganini / Security Affairs : China-linked actors hacked US Treasury Department
Vulnerable U : U.S. Treasury Department Hit by Chinese APT in ‘Major’ Cyberattack
PYMNTS.com : Treasury Department Workstations Breached by Hackers via Third-Party Vendor
Edward Targett / The Stack : US Treasury breached after BeyondTrust API key leaked.
The Times : US Treasury ‘hacked by China in major security breach’
Leslie Eastman / Le·gal In·sur·rec·tion : U.S. Treasury Reports Cyberattack by Chinese Hackers
CBS News : U.S. Treasury says Chinese hackers stole documents in “major incident”
Chance Townsend / Mashable : U.S. Treasury confirms it was breached by China-backed hackers
Becky Bracken / Dark Reading : Chinese State Hackers Breach US Treasury Department
David DiMolfetta / Nextgov/FCW : Chinese-sponsored hackers accessed Treasury documents in ‘major incident’
Benzinga : China-Linked Hackers Breach US Department Of Treasury
Brayden Lindrea / Cointelegraph : China denies involvement after ‘major’ breach of US Treasury workstations
Duncan Riley / SiliconANGLE : Third-party provider hack exposes US Treasury Department unclassified documents
Ian Carlos Campbell / Engadget : The US Treasury Department says it was hacked in a China-linked cyberattack
Ward Clark / RedState : SHOCKER: Chinese Hacker Breaches US Treasury Department
Connor Hart / Wall Street Journal : Treasury Department Says Systems Hacked by China-Backed Actor
Gustaf Kilander / The Independent : Chinese hackers accessed U.S. Treasury workstations and unclassified documents
Chris Riotta / DataBreachToday.com : Chinese Hackers Breach US Treasury in ‘Major Incident’
Cullen Linebarger / The Gateway Pundit : U.S. Treasury Department Allegedly Hacked in Cyber Attack Launched by China
Sam Sabin / Axios : Treasury Department responds to “major” breach linked to China
South China Morning Post : US Treasury says it was hacked by Chinese state-sponsored actor
Matthew Impelli / Newsweek : US Treasury Targeted by Chinese Hackers in ‘Major’ Incident, Agency Says
Nadine Yousif / BBC News : US Treasury says it was hacked by China in ‘major incident’
Sky News Australia : Chinese Communist Party-affiliated hacker breaks into US Treasury Department system in ‘major incident’
Susanna Siddell / GB News : US Treasury HACKED by China as documents stolen in ‘major incident’
Julia Shapero / The Hill : Chinese hackers breached Treasury Department, agency says
Al Jazeera : China blamed by US for Treasury Department hack
Jessica Kwong / Metro.co.uk : US Treasury hacked by China in ‘major incident’
Associated Press : ‘Major’ cyber incident: Chinese hackers access Treasury Department computers and documents
Good Morning America : Treasury Department hit in cyberbreach by China-sponsored actor, officials say
Pranshu Verma / Washington Post : U.S. Treasury says it was hacked by China-backed actor
Ryan King / New York Post : Chinese hackers infiltrate US Treasury in major cyberattack, officials tell Congress
Sarah K. Burris / Raw Story : ‘Major incident’: China reportedly hacks Treasury Department
Fox Business : CCP-affiliated hacker breaks into Treasury Department system in ‘major incident’
Agence France-Presse : US Treasury Says Was Targeted By China State-sponsored Cyberattack
Josef Al Shemary / LBC : Chinese hackers accessed US Treasury Department in ‘major cybersecurity incident’, agency says
E-obyrnemulligan / The i Paper : US Treasury accuses Chinese hackers of stealing documents
Tom Chivers / Semafor : US Treasury says China-backed hackers breached its systems
Thomas Stevenson / The Post Millennial : BREAKING: US Treasury hacked by China in ‘major incident’: report
The Defense Post : China Slams ‘Groundless’ Claims of Cyberattack on US Treasury
David Matthews / New York Daily News : Chinese hackers stole documents, accessed workstations in ‘major incident,’ Treasury Department says
NewsNation : China hacked Treasury Department earlier this month: Officials

Bluesky:
Lukasz Olejnik / @lukaszolejnik : The breach is attributed to a China state-sponsored APT group. China denies involvement, calling the claims political. www.beyondtrust.com/remote-suppo... techcrunch.com/2024/12/30/u...
Isabel Santos / @isabelsantos : BREAKING NEWS — In a letter reviewed by CNN, a Treasury official said it was informed by a third-party software service provider on December 8 that a threat actor used a stolen key to remotely access certain Treasury workstations and unclassified documents. — www.cnn.com/2024/12/30/i...
@juwanthecurator : “It's too dangerous to allow the public to use TikTok because its owner may let China access its data. Oh by the way, a federal government subcontractor made it possible for Chinese hackers to access data of the U.S. Treasury. Oopsie.” — www.nbcnews.com/tech/securit...
Paul Schwartz / @paulschwartz : After China's hack of telecom providers in US, we have its hack of the U.S. treasury dept. www.theguardian.com/us-news/2024...
Dare Obasanjo / @carnage4life : At first, it was puzzling why CrowdStrike hadn't lost customers after their disastrous update. — Then it hit me: everyone's getting hacked from governments to companies and they make top-tier security software. — The alternative? Being vulnerable in a world full of state-funded hackers.
Chirag Mehta / @chirag : This happens to be a state-sponsored attack but the reality is that there were critical vulnerabilities in the BeyondTrust Remote Access solution that “allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user.” That's serious stuff. …
@watchdogprg : US treasury's workstations breached in cyber-attack by China. — Third-party cybersecurity service provider was compromised and some unclassified papers were accessed. www.theguardian.com/us-news/2024...
@joetidy : Chinese state-sponsored hackers broke into the U.S. Treasury Department this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday. — www.reuters.com/technology/c...

X:
Lorenzo Franceschi-Bicchierai / @lorenzofb : NEW: U.S. Treasury officials says it was hacked in early December by Chinese government hackers, which gained remote access to workstations and obtained unclassified documents. We include the full letter sent by Treasury to lawmakers about the hack. https://techcrunch.com/...
Jake Williams / @malwarejake : If it is Privileged Remote Access, then these are probably either break glass systems/accounts or vendors providing support for specialized software. In either case, I'd expect the fallout to be more significant than Treasury is currently indicating. 2/2
John Scott-Railton / @jsrailton : 2/ The talented reporting crew of @razhael & @AJVicens point to a recent posting by @BeyondTrust... In which #BeyondTrust says they identified a series of vulnerabilities in their remote support tools and have pushed out patches. @TomHegel rightly points out the longstanding
Arthur Bloom / @j_arthur_bloom : BeyondTrust is another Francisco Partners company, which bought NSO Group
@commanderapaul : A “cloud-based technical support product” from BeyondTrust is probably Bomgar. Based on that, either they got access to the key used to authenticate support session keys, or they were able to access machines configured for unattended support.
Jake Williams / @malwarejake : So which BeyondTrust product did threat actors abuse in the Treasury breach? Based on the description, seems like it was either Remote Support or Privileged Remote Access. Neither is great, but the latter seems a LOT worse. 1/2
John Scott-Railton / @jsrailton : NEW: #China government hackers breached the @USTreasury through a security vendor Sounds like it went like this: STEP 1: First, attackers targeted Treasury vendor @BeyondTrust STEP 2: Stole #BeyondTrust's key for a remote tech support cloud platform. STEP 3: Attackers used
@committeeonccp : BREAKING: China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says “A state-sponsored actor in China hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents.” https://www.nytimes.com/...
Alexei Bulazel / @0xalexei : Another major Chinese cyber espionage effort against the US caught - this time against @USTreasury How much information was exfiltrated? Were other government agencies using @BeyondTrust also hit by? How many other shoes are yet to drop?
Congressman Raja Krishnamoorthi / @congressmanraja : This is unacceptable. As Ranking Member of the Select Committee on the CCP, I'll be requesting a briefing from the Treasury Department and working with my colleagues to ensure we protect our nation against these types of brazen attacks. https://www.washingtonpost.com/...
LinkedIn:
Tara Lemieux : For years, the People's Republic of China (PRC) has been conducting increasingly brazen cyber campaigns, targeting U.S. government agencies, defense contractors, and private industry. …

Forums:
r/technews : The US Treasury Department was hacked
r/Economics : US Treasury says it was hacked by China in ‘major incident’
r/Superstonk : 🔮 US Treasury just got hacked in “Major Incident” 💥
r/wallstreetbets : Pack it up boys US Treasury just got hacked
r/politics : ‘Major incident’: China-backed hackers breached US Treasury workstations
r/PrepperIntel : China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
r/technology : China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
r/politics : US Treasury Says It Was Hacked by Chinese State-Sponsored Actor
r/worldevents : ‘Major incident’: China-backed hackers breached US Treasury workstations
r/technology : ‘Major incident’: China-backed hackers breached US Treasury workstations
r/politics : China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says
r/technology : US Treasury says Chinese hackers stole documents in ‘major incident’
r/Destiny : China Hacked Treasury Dept. in ‘Major Incident,’ U.S. Says
r/neutralnews : China Hacked Treasury Dept. in ‘Major Incident,’ U.S. Says