Chinese hackers breach US Treasury Department, steal documents

Photo: The US Treasury Department has been attacked by hackers (Getty Images)
Author: Bohdan Babaiev

Chinese state hackers breached the US Department of the Treasury’s cybersecurity system and stole several documents. The department described the breach as a "major incident," Reuters reports.

Reuters referred to a letter sent to lawmakers, which Treasury officials provided on Monday, December 30. The letter states that hackers compromised an external cybersecurity service provider, BeyondTrust, and gained access to non-classified documents.

According to the letter, the hackers accessed a key used by the provider to secure a cloud service. This key is used for remote technical support to end users at the Treasury’s branches.

"With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," the letter states.

The Treasury Department said it was notified about the breach by BeyondTrust on December 8 and that it is cooperating with the US Cybersecurity and Infrastructure Security Agency and the FBI to assess the breach’s impact.

Meanwhile, a spokesperson for the Chinese embassy in Washington dismissed any responsibility for the breach. He stated that Beijing "firmly opposes the US's smear attacks against China without any factual basis."

BeyondTrust, based in Johns Creek, Georgia, stated on its website that it recently discovered a security incident affecting a limited number of clients using its remote support software. As a result of the incident, a digital key was compromised, and an investigation is underway.

Tom Hegel, a threat researcher at cybersecurity firm SentinelOne, noted that the security incident described by BeyondTrust appears to be closely related to the breach at the Treasury. However, he cautioned that the company would need to confirm any connection.

"This incident fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services - a method that has become increasingly prominent in recent years," he said.

Cyberattacks on Ukraine and Western countries

In recent years, cyberattacks have become a component of the war waged by Russia and its Asian allies against European countries and the US.

On December 28, hackers attacked Italy’s Ministry of Foreign Affairs and two airports in Milan. The pro-Russian group Noname057 claimed responsibility for the attack.

On December 19, Russian hackers carried out one of the largest cyberattacks on Ukraine. The attackers breached several Ukrainian government registries and downloaded all their databases.

Additionally, in December 2023, hackers gained access to the DNA data of 7 million people from a US genetic testing company.