Chinese hackers backed by the government successfully breached the US Treasury in a major incident.

Officials claim that the hackers no longer have access to Treasury documents and workstations.

December 31st 2024.

The US Treasury Department has been notified that a China state-sponsored actor infiltrated its workstations, in what officials have described as a "major incident." According to a letter obtained by CNN, a third-party software service provider informed the Treasury on December 8th that a threat actor had used a stolen key to gain access to certain workstations and unclassified documents.

In the letter, Aditi Hardikar, the assistant secretary for management at the US Treasury, stated that available evidence points to a Chinese state-sponsored Advanced Persistent Threat actor as the culprit behind this breach. The compromised service has since been taken offline, and the Treasury is working closely with law enforcement and the Cybersecurity and Infrastructure Security Agency to address the issue. A Treasury spokesperson said there is no evidence suggesting the threat actor still has access to Treasury systems or sensitive information.

In light of this breach, Treasury officials are planning to hold a classified briefing next week with members of the House Financial Services Committee. The exact date and time of the briefing have yet to be determined. The letter also revealed that the third-party software service provider, BeyondTrust, reported a security incident involving their Remote Support product on December 2nd. They have since taken steps to mitigate future threats and are working with outside cybersecurity experts to investigate the cause of the breach.

It is still unclear how many workstations were infiltrated, but the Treasury spokesperson has confirmed that "several" user workstations were accessed. Hardikar also mentioned in the letter that, according to Treasury policy, incidents involving advanced persistent threat actors are considered major cybersecurity incidents. As such, they are required to provide an update in a 30-day supplemental report. However, it is uncertain if the Treasury has fully determined the extent of the damage caused by the breach.

To gain a better understanding of the incident and its impact, the Treasury has been collaborating with the Cybersecurity and Infrastructure Security Agency, the FBI, US intelligence agencies, and third-party forensic investigators. The letter also stated that CISA was immediately notified once the Treasury became aware of the attack, and the rest of the relevant authorities were informed as soon as the full scope of the breach was known.
