- BeyondTrust, which has contracts with various federal agencies, including the US Treasury Department, identified the breach in its Remote Support product on December 2.
- The company revoked the compromised API key and notified affected customers, while cooperating with law enforcement and cybersecurity agencies.
On Monday, the US Treasury Department said that a Chinese state-sponsored actor was behind the breach of its employee workstations, carried out through third-party software service provider BeyondTrust. However, the Chinese government has flatly denied responsibility and rejected the Treasury Department’s allegations.
Aditi Hardikar, assistant secretary for management at the Treasury, stated: “Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor”.
China Denies Role in US Treasury Department Hack
Following these allegations, China denied any involvement in the attack, with a spokesperson telling Reuters that the country “firmly opposes the U.S.’s baseless smear attacks against China”. “There is no evidence indicating the threat actor has continued access to Treasury systems or information,” they added. In the meantime, the affected service has been taken offline, according to Hardikar’s statement to U.S. Senators Sherrod Brown and Tim Scott of the Banking Committee.
Treasury officials are collaborating with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, U.S. intelligence agencies, and third-party forensic investigators to conduct a thorough review of the incident.
In an email statement to Bloomberg, the Chinese embassy in Washington slammed the Treasury Department, noting:
“The US needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat.”
Here’s How the Breach Happened
Software platform BeyondTrust, which provides access software and other cybersecurity products, holds contracts with the federal government totaling over $4 million. Apart from the US Treasury Department, it also works with agencies such as the Department of Veterans Affairs, the Department of Defense, and the Department of Justice.
A company spokesperson stated that the security breach had impacted a limited number of customers, who have received notifications and are receiving support. The company has also contacted law enforcement and is cooperating with the investigation.
BeyondTrust identified the security incident in its Remote Support product on December 2, and after confirming “anomalous behavior” on December 5, it promptly revoked the API key and notified affected customers. Additional details will be shared in a 30-day supplemental report required under the Federal Information Security Modernization Act.
According to CNN, Treasury officials are preparing for a classified briefing next week regarding the breach, set to include staffers from the House Financial Services Committee.
The cryptocurrency industry also saw a surge in hacks this year, with over $2.3 billion in crypto assets stolen across 165 major incidents in 2024, representing a 40% increase from 2023, as reported by blockchain security firm Cyvers.
Source: https://www.crypto-news-flash.com/china-rejects-us-allegations-in-treasury-workstation-hacking-incident/?utm_source=rss&utm_medium=rss&utm_campaign=china-rejects-us-allegations-in-treasury-workstation-hacking-incident