The US Treasury Department was hacked

The U.S. Treasury Department suffered a “significant” security incident after Chinese state-backed hackers broke into third-party remote management software used by the Treasury Department. reported earlier new york times.

See in a letter to lawmakers edgeThe Treasury Department said BeyondTrust, the company behind its remote management software, notified the agency of a breach on December 8.

Threat actors stole keys used by BeyondTrust to “protect a cloud-based service used to provide remote technical support to Department of the Treasury (DO) end users.” With the key, they can go beyond security and remotely access those users’ workstations and “some non-confidential files” they maintain.

The U.S. Treasury Department said it worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI following the attack, which is considered an advanced persistent threat sponsored by the Chinese state. (APT) hackers. “The compromised BeyondTrust service has been taken offline, and there is no evidence that the threat actor continued to access Treasury systems or information,” U.S. Treasury Department spokesman Michael Gwin said in a statement. edge.

The attack appears to be related to a security incident BeyondTrust Disclosure Earlier this month, the impact Customers use their remote support software. At the time, BeyondTrust attributed the attack to a compromised API key for its remote support software, adding that it “immediately revoked the API key, notified known affected customers, and suspended it the same day.” these examples. edge BeyondTrust was contacted for comment but did not receive an immediate response.

“Treasury takes all threats to our systems and the data they hold very seriously,” Gwin said. “Over the past four years, Treasury has significantly strengthened its cyber defenses and we will continue to work with the private and public sectors to Partners work together to protect our financial system from threat actors.”