At a time when things are already tense between the United States and China, a China-based threat actor successfully hacked the U.S. Treasury Department. This comes on the heels of another major breach by Chinese hackers.
Another Espionage Mission
This latest cyberattack appears to be another espionage mission, much like the recent attacks by the Chinese intelligence group known as Salt Typhoon on major U.S.-based telecommunications companies. In fact, AT&T and Verizon were recently hit, though they gave assurances that their networks are now secure.
The U.S. Treasury Department was hacked on December 8, 2024, though the incident is just now being reported. It appears to intelligence officials to be yet another espionage mission to learn more details about the U.S.’s finances, global finances, and what the U.S. knows about China’s economic situation.

The Treasury Department is also involved in sanctions against Russia, along with others who may be aiding it in the attack against Ukraine. Since Russia has asked for China’s assistance, any insider information would be beneficial.
With Salt Typhoon, the goal is to gather intelligence by listening to and recording phone calls and text messages and, with deep enough access, to geolocate individuals if needed.
A Chinese state-sponsored APT (advanced persistent threat) actor has shown that hackers can breach one of the largest U.S. federal departments.
For now, it doesn’t appear this particular cyberattack has anything to do with inserting malicious code into any form of infrastructure. It’s entirely about spying.
Access via Third-Party Software
Surprisingly, the breach didn’t originate directly from the Treasury Department. Instead, it started with BeyondTrust, a third-party software company whose product was used to provide remote technical support for Treasury Department employees.
The hacker was able to steal a key that allowed them to completely bypass some Treasury Department employees’ devices. Currently, officials are saying only some unclassified documents were accessed and stolen. The department is working alongside the FBI and others in the intelligence community to determine if anything else may have been accessed.

This is likely tied to a breach BeyondTrust had back on December 2, 2023. While the company took action quickly, the threat actor was still able to use the stolen key to hack the Treasury Department.
While BeyondTrust is still operating, it’s no longer tied to the Treasury Department or other government entities. This should remove any access the hacker(s) had.
China has, of course, denied any involvement in any of these serious cyberattacks, implying the hackers worked without government support or approval.
Not Great News for TikTok
If you’ve been following the news about TikTok, you already know the Supreme Court is giving the parent company, ByteDance, one last chance to plead its case. Considering the entire reason the U.S. government wants the app banned is suspicion of espionage, this latest breach of the Treasury Department could spell disaster for the popular app. However, the Trump presidency could still save it.
