
US Treasury Department hacked

By Admire Moyo, ITWeb news editor.
Johannesburg, 31 Dec 2024

The US Department of the Treasury is accusing China of a hack that it suffered earlier this month.

The Treasury yesterday sent a letter to US lawmakers informing them of the “major” cyber security incident.

The US Department of the Treasury is a federal executive department responsible for managing the government's finances and promoting economic stability and growth.

However, the Chinese government has reportedly denied the allegations.

“In accordance with the requirements of the Federal Information Security Modernisation Act of 2014 (FISMA) and criteria provided in Office of Management and Budget (OMB) memorandum 24-04, this letter provides notice that the Department of the Treasury has determined that a major incident occurred,” reads the letter.

On 8 December, it notes, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.

With access to the stolen key, it explains, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.

Treasury has been working with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, the Intelligence Community, and third-party forensic investigators to fully characterise the incident and determine its overall impact.

The department points out that CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident.

According to Treasury, based on available indicators, the incident has been attributed to a China state-sponsored advanced persistent threat (APT) actor.

It says the compromised BeyondTrust service has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information.

“The investments we have made using discretionary appropriations provided under the Cybersecurity Enhancement Account have helped ensure we have strong incident processes and access to detailed logs to support our incident response efforts.

“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cyber security incident. More details will be made available in our 30-day supplemental report to this notification, which we are required to provide under FISMA and OMB guidance,” it concludes.

BBC reports that Chinese embassy spokesman Liu Pengyu denied the department's report, saying in a statement that it can be difficult to trace the origin of hackers.

“We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said.

“The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”
