U.S. Treasury's Cybersecurity Breached—Federal Bureau of Investigation Launches Probe, China Being Pointed Fingers at
A Dec. 30 communication to the Committee on Banking, Housing and Urban Affairs from Aditi Hardika, who serves as the assistant secretary for management at the U.S. Department of the Treasury, has disclosed that Chinese cybercriminals managed to breach "specific unclassified documents" during a Dec. 8 breach. As a collaborative investigation by the Department of the Treasury and the FBI carries on, here's what we've gathered up until now.
FBI investigation set in motion—Timeline of the U.S. Treasury hack
The letter from assistant secretary Hardika, obtained by this journalist, indicated that "the Department of the Treasury has acknowledged a significant event." This event transpired on December 8, 2024. The incident was reported to the department by a third-party software service named Beyond Trust, which the Treasury employs.
According to Hardika, "an attacker had gained entry to a mechanism utilized by the service provider to protect a cloud-based service. This service was instrumental in offering remote technical assistance to workstations for Departments within the Treasury." With control of the pilfered key, the attacker was able to bypass the service's security functions, remotely access particular workstations within the Treasury Department, and get hold of certain unclassified documents saved by those account holders.
The time frame between the U.S. Treasury's awareness of the security breach and their report to the Committee on Banking, Housing and Urban Affairs appears to be the result of information collection, vis-à-vis the scope of the breach. The Treasury acted swiftly in involving the Cybersecurity and Infrastructure Security Agency as soon as they were notified of the breach. Subsequently, additional agencies, including the FBI, the intelligence community, and third-party digitial investigators, were also brought on board once the extent of the breach was ascertained.
"Based on available information," Hardika stated, "the incident has been connected to a state-sponsored cyber threat actor from China."
FBI and CISA find no trace of continued access to Treasury data, China denies involvement
A spokesperson for the Chinese Foreign Ministry, Mao Ning, declared that Beijing "is against all forms of hacker attacks, and we strongly condemn the dissemination of false information against China for political gain. We have repeatedly expressed our stance regarding groundless accusations with no basis in fact."
According to the U.S. Treasury itself, the breached service from BeyondTrust has been deactivated, and, based on preliminary findings from the CISA and FBI investigations, "there is no evidence to suggest that the attacker maintains access to Treasury data."
- Reports suggest that 'china hackers' were behind the breach of the US Treasury, as disclosed by Aditi Hardika, the assistant secretary for management at the Treasury.
- The letter from Hardika revealed that 'us treasury has been hacked' on December 8, 2024, and the hack was first identified by a third-party software service, BeyondTrust.
- The FBI is involved in an ongoing investigation into the 'treasury hack', working collaboratively with the Department of the Treasury to gather more information about the incident.
- According to Hardika, the 'hacking' involved an attacker gaining access to a cloud-based service offered by BeyondTrust, allowing them to bypass the service's security functions and access certain unclassified documents within the Treasury Department.
- Despite denials from China, the FBI and CISA have linked the 'us treasury hack' to 'china' due to the nature of the attack, although they have found no evidence of continued access to Treasury data.
