US Treasury Department Admits It Got Hacked by China

“I can’t believe we’ll see command injection vulnerabilities in any product in 2024, let alone a secure remote access product that should go through extra scrutiny from the U.S. government before it can be used,” said Hunter Strategy, a cybersecurity consulting firm and former NSA Hacks. “They are by far the easiest bugs to identify and fix.”

BeyondTrust is a certified Federal Risk and Authorization Management Program provider, but Williams speculated that the Treasury Department may be using a non-FedRAMP version of the company’s remote support and privileged remote access cloud products. However, Williams said that if this breach does affect FedRAMP certified cloud infrastructure, “this may be the first breach and almost certainly the first abuse of FedRAMP cloud tools to facilitate remote access to customer systems.” “

The breach comes as U.S. officials have Race to solve massive espionage operation The damage to U.S. telecommunications has been blamed on a Chinese-backed hacker group called Salt Typhoon. white house official tell reporters Typhoon Yan damaged nine U.S. telecommunications companies on Friday.

“We don’t leave our homes unlocked, our offices unlocked, but our critical infrastructure — the private companies that own and operate our critical infrastructure — often don’t have basic cybersecurity practices, which will make our Infrastructure is riskier, more costly and more difficult Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said on Friday:

Treasury, CISA and FBI officials did not respond to Wired’s questions about whether the hacker who breached the Treasury Department was Salt Typhoon. In a disclosure to Congress, Treasury officials said they would provide more details about the incident in the department’s required 30-day supplemental notification report. As details continue to emerge, Hunter Strategy’s Williams said the size and scope of the breach may be greater than currently apparent.

“I expect the impact will be more significant than just obtaining some unclassified documents,” he said.