Chinese government-backed individuals broke into the U.S. Treasury Department earlier this month and stole documents from workstations, according to a letter to lawmakers provided to Reuters on Monday.
The attacker compromised BeyondTrust, a third-party cybersecurity service provider. The hacker was able to access the workstation and some non-classified documents.
According to the letter, the hackers “accessed keys used by the vendor to secure cloud-based services used to remotely provide technical support to Department of the Treasury (DO) end users.” With access to the stolen keys, the attacker could disable the security of the service, remotely access the workstations of certain Treasury DO users, and gain access to certain unclassified documents controlled by those users. is completed. ”
There is no evidence that the entity had ongoing access to the Department’s systems.
Following BeyondTrust’s alert, the Treasury Department has contacted the Cybersecurity and Infrastructure Security Agency (CISA) and is working with law enforcement to assess the impact.
Beyond Trust, CISA and the FBI did not immediately respond to Reuters’ requests for comment.
