According to a letter from the US Treasury Department to lawmakers released on Monday, December 30, hackers backed by China successfully infiltrated the department’s systems and stole government documents this month.
Cybercriminals take Google Chrome extensions for cyberattack
The breach, first reported by Reuters, highlights yet another case of government-sponsored cyber-espionage targeting US government employees – just after AT&T and Verizon finally dealt with Hurricane Salt. In a statement to Senator Sherrod Brown, chairman of the Banking, Housing and Urban Affairs Committee, the Treasury Department confirmed that the attack took place in December.
In the letter, the Department says the breach was flagged by a third-party cybersecurity vendor, BeyondTrust, which discovered that attackers had compromised the key used to protect the cloud-based service. That service was part of providing remote technical support to end users within the department’s offices.
Mashable Light Speed
“By accessing the stolen key, the threat actor was able to [to] bypass the security of the service, remotely access the workstations of Treasury DO users, and access certain unspecified documents maintained by those users,” the letter reads.
The Ministry of Finance stated that it was notified of the breach on 8 Dec. and is working with the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) to assess the scope of the incident. Reuters reports that the FBI has not responded to requests for comment, while CISA has directed questions back to Treasury.
Articles
Cybersecurity Government
