XPost: alt.politics.org.nsa, alt.security.espionage, alt.fan.rush-limbaugh XPost: talk.politics.guns, sac.politics
https://www.reuters.com/technology/cybersecurity/us-treasurys- workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
WASHINGTON, Dec 30 (Reuters) - Chinese state-sponsored hackers breached
the U.S. Treasury Department's computer security guardrails this month and stole documents in what Treasury called a "major incident," according to a letter to lawmakers, opens new tab that Treasury officials provided to
Reuters on Monday.
The hackers compromised third-party cybersecurity service provider
BeyondTrust and were able to access unclassified documents, the letter
said.
According to the letter, hackers "gained access to a key used by the
vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to
the stolen key, the threat actor was able to override the serviceÆs
security, remotely access certain Treasury DO user workstations, and
access certain unclassified documents maintained by those users."
The Treasury Department said it was alerted to the breach by BeyondTrust
on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack's impact.
Treasury officials didn't immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters' requests for comment, while CISA referred questions back to the Treasury Department.
A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing "firmly opposes the
U.S.'s smear attacks against China without any factual basis."
A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told
Reuters in an email that the company "previously identified and took
measures to address a security incident in early December 2024" involving
its remote support product. BeyondTrust "notified the limited number of customers who were involved," and law enforcement was notified, the spokesperson said. "BeyondTrust has been supporting the investigative
efforts."
The spokesperson referred to a statement posted on the company'swebsite,
opens new tabon Dec. 8 sharing some details from the investigation,
including that a digital key had been compromised in the incident and that
an investigation was under way. That statement was last updated Dec. on
18.
Tom Hegel, a threat researcher at cybersecurity company SentinelOne (S.N), opens new tab, said the reported security incident "fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on
abusing trusted third-party services - a method that has become
increasingly prominent in recent years," he said, using an acronym for the People's Republic of China."
The Reuters Daily Briefing newsletter provides all the news you need to
start your day. Sign up here.
Reporting by Raphael Satter in Washington, AJ Vicens in Detroit and Akash Sriram in Bengaluru; Editing by Shinjini Ganguli, Tasim Zahid, Alistair
Bell, Rod Nickel and Leslie Adler
--
November 5, 2024 - Congratulations President Donald Trump. We look
forward to America being great again.
The disease known as Kamala Harris has been effectively treated and
eradicated.
We live in a time where intelligent people are being silenced so that
stupid people won't be offended.
Durham Report: The FBI has an integrity problem. It has none.
Thank you for cleaning up the disaster of the 2008-2017 Obama / Biden
fiasco, President Trump.
Under Barack Obama's leadership, the United States of America became the
The World According To Garp. Obama sold out heterosexuals for Hollywood
queer liberal democrat donors.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)