The U.S. Treasury Secretary told lawmakers on Monday that a cyber attack in early December was blamed on Chinese government hackers.
In a letter shared with US senators, TechCrunch has seen it.Hackers gained remote access to some Treasury staff workstations and accessed unclassified documents in what it described as a “major cyber security incident”, the Treasury said.
BeyondTrust, a company that provides identity access and remote access technology to large organizations and government departments, said on Dec. 8 that hackers “gained access to a key used by a vendor that provides remote access technology support.” Treasury staff. BeyondTrust He told the incident at that time.He did not say how the key was obtained.
A spokesperson for BeyondTrust did not respond to a request for comment at the press conference.
The letter said the department had contacted the US cyber security agency CISA for assistance and that as of December 30, “there is no evidence that the threat actor continues to have access to financial information.”
In the letter, the Ministry of Finance confirmed that the breach was sponsored by the Chinese government. Advanced persistent threat The group is backed by the Chinese government. It was not immediately clear which group was behind the intrusion, and a spokesman would not say.
In a brief statement; Treasury spokesman Michael Gwin said the hackers were able to “remotely access multiple Treasury user workstations and some of the unclassified documents maintained by those users.”
“The Treasury Department takes all threats to our systems and its data very seriously. In the last four years, “The Treasury has significantly strengthened its cyber defenses and will continue to work with private and public sector partners to protect our financial system from threats.” The spokesperson said.
It is the latest cyber attack linked to China that has targeted the US government in recent months. Chinese-backed hackers named Salt Tycoon are behind it. A wave of cyber attacks It targeted major US phone and internet companies, including AT&T and Verizon, and sought to access the private communications of senior US government officials, including presidential candidates.
Liu Pengyu, a spokesman for the Chinese embassy in Washington, D.C., denied that the U.S. government had implicated the U.S. government in the cyber attack and denied any evidence for its claims.
Updated with comments from the Chinese government.
Do you know more about the BeyondTrust cyber attack or the incident at Treasury? You can securely communicate and send files and documents on Signal and WhatsApp at +1 646-755-8849. SecureDrop.