The U.S. Treasury Department has suffered “serious” security problems after a Chinese state-sponsored hacker breached the third-party remote management software it uses, The New York Times reported earlier.
In a letter to lawmakers obtained by The Verge, the Treasury Department said that BeyondTrust, a developer of remote management software, notified the department of the hack on December 8.
The attackers stole a key used by BeyondTrust “to secure a cloud-based service used to provide remote technical support to end users of Treasury departments.” Using the key, they bypassed the service's protection and gained remote access to these users' workstations and to “some unclassified documents” the users stored.
The Treasury Department said it worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI after the attack, which was attributed to an Advanced Persistent Threat (APT) hacker group funded by the Chinese state. “The compromised BeyondTrust service has been taken offline, and there is no evidence that the attacker continues to have access to Treasury systems or information,” US Treasury spokesman Michael Gwynn told The Verge.
The attack appears to be related to a security incident BeyondTrust reported earlier this month that affected customers using its remote support software. At the time, BeyondTrust attributed the attack to a compromised API key for its remote support software, adding that it “immediately revoked the API key, notified known affected customers, and suspended those instances on the same day.” The Verge reached out to BeyondTrust for comment but did not receive an immediate response.
“The Treasury takes very seriously all threats to our systems and the data they hold,” Gwynne said. “Treasury has significantly strengthened its cyber defenses over the past four years, and we will continue to work with partners in both the private and public sectors to protect our financial system from attackers.”