Treasury Department Hacked
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency.
[…]
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” reads the letter seen by the New York Times.
[…]
The threat actors utilized this access to target the text messages, voicemails, and phone calls of targeted individuals, and to access wiretap information of those under investigation by law enforcement.
The threat actor stole a key used by BeyondTrust “to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.” With the key, they overrode the security to remotely access those users’ workstations and “some unclassified documents” they maintained.
Writing on Mastodon, cyber security researcher Kevin Beaumont had a warning for Software-as-a-Service users: “One thing every org needs to start to plan for: SaaS provider breaches. What’s your playbook for when your SaaS provider gets breached?”
Bruce Schneier quotes the Washington Post:
The sanctions target Beijing Integrity Technology Group, which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.