Chinese Hackers Breach U.S. Treasury Using Stolen Security Key in Major Cyber Attack

U.S. Treasury Reports Major Chinese Cyber Breach

The U.S. Treasury Department has disclosed a significant cybersecurity incident involving suspected Chinese state-sponsored actors who gained unauthorized access to unclassified systems and documents.

On December 8, 2024, BeyondTrust, a third-party software provider, alerted the Treasury that threat actors had obtained a security key used for cloud-based technical support services. This breach enabled unauthorized remote access to certain Treasury Departmental Offices’ workstations and unclassified documents.

The incident prompted immediate collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. While evidence suggests involvement of a Chinese Advanced Persistent Threat (APT) group, China’s foreign ministry spokesperson Mao Ning has denied these allegations, dismissing them as “unwarranted and groundless.”

BeyondTrust confirmed the security breach affected their Remote Support SaaS instances, where attackers exploited an API key to reset local application account passwords. The company has since:
– Revoked the compromised API key
– Notified affected customers
– Suspended impacted instances
– Provided alternative Remote Support SaaS instances
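The abuse pattern described above (a stolen support API key used to reset local application account passwords) is the kind of activity a defender can hunt for in audit logs. The script below is an added example, not code from the article or from BeyondTrust: the JSON-lines log format and the sample events are constructed for illustration and do not reflect the product's real audit schema. It flags every password reset initiated by an API credential rather than a human user, and marks bursts of such resets by the same key inside a short window.

```python
"""Detection sketch: password resets driven by an API key (added example).

The log format and events below are constructed for this example and are
not BeyondTrust's actual audit output.
"""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample audit events (JSON lines). An actor of the form
# "api_key:<name>" means the action was performed with an API credential.
SAMPLE_LOG = """\
{"ts": "2024-12-05T10:02:11Z", "actor": "api_key:tech-support-01", "action": "session.create", "target": "ws-0412"}
{"ts": "2024-12-07T23:14:02Z", "actor": "api_key:tech-support-01", "action": "local_account.password_reset", "target": "admin"}
{"ts": "2024-12-07T23:14:40Z", "actor": "api_key:tech-support-01", "action": "local_account.password_reset", "target": "support-svc"}
{"ts": "2024-12-07T23:16:05Z", "actor": "user:alice", "action": "local_account.password_reset", "target": "alice"}
{"ts": "2024-12-08T01:30:00Z", "actor": "api_key:tech-support-01", "action": "local_account.password_reset", "target": "backup-operator"}
"""


@dataclass(frozen=True)
class Finding:
    ts: str
    actor: str
    target: str
    reason: str


def parse_events(text: str) -> list[dict]:
    """Parse JSON lines into events, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        # Keep a datetime alongside the raw string for window arithmetic.
        ev["ts_dt"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts_dt"])


def find_api_key_resets(
    events: list[dict],
    window: timedelta = timedelta(minutes=10),
    burst_threshold: int = 2,
) -> list[Finding]:
    """Return one Finding per password reset performed with an API key.

    A reset is additionally labelled a burst when the same key performed
    at least `burst_threshold` resets within `window` (inclusive of itself).
    """
    resets = [
        e
        for e in events
        if e["action"] == "local_account.password_reset"
        and e["actor"].startswith("api_key:")
    ]
    findings: list[Finding] = []
    for i, ev in enumerate(resets):
        # Resets by the same key in the window ending at this event.
        recent = [
            r
            for r in resets[: i + 1]
            if r["actor"] == ev["actor"] and ev["ts_dt"] - r["ts_dt"] <= window
        ]
        reason = "password reset initiated with an API key"
        if len(recent) >= burst_threshold:
            minutes = int(window.total_seconds() // 60)
            reason += f" (burst: {len(recent)} resets within {minutes} min)"
        findings.append(Finding(ev["ts"], ev["actor"], ev["target"], reason))
    return findings


def main() -> None:
    for f in find_api_key_resets(parse_events(SAMPLE_LOG)):
        print(f"{f.ts} {f.actor} -> {f.target}: {f.reason}")


if __name__ == "__main__":
    main()
```

Running this over the constructed log reports three API-key-driven resets, the second of which is marked as a burst because it follows the first by under a minute; the reset by `user:alice` is a normal self-service action and is not reported. In a real deployment the same logic would run over the vendor's actual audit export, and any API-key reset of a privileged local account would be a reason to revoke and re-issue that key, exactly the containment step the article describes.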

Two security vulnerabilities were identified in BeyondTrust’s products:
– CVE-2024-12356 (CVSS score: 9.8)
– CVE-2024-12686 (CVSS score: 6.6)

The Treasury Department has taken the BeyondTrust service offline, and there is currently no evidence of ongoing unauthorized access to their environment.
