Chinese-backed hackers breach U.S. treasury via tech flaw

The attackers gained access to the Treasury Department systems through BeyondTrust, a cybersecurity services provider that offers remote technical support. By compromising a security key used by BeyondTrust, the hackers managed to bypass security measures and gain access to user workstations, the report reads.

A threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users, as stated in a letter to Senators Sherrod Brown and Tim Scott.

According to NBC News, Chinese authorities categorically denied the accusations. "China consistently opposes all forms of hacking and is firmly against the spread of false information targeting China for political purposes," declared Mao Ning, spokeswoman for the Chinese Ministry of Foreign Affairs.

U.S. authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and forensic specialists, are working on a full assessment of the incident and its potential implications.

According to NBC News, a Treasury Department spokesperson assured that "the compromised BeyondTrust service has been taken offline" and that there is "no evidence indicating the threat actor has continued access to Treasury systems or information. "

Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actorsThe department takes all threats to its systems and data very seriously. Cyber defenses have been significantly strengthened in recent years, it was added in the statement.