The US Treasury Department recently disclosed a significant security breach, attributing the attack to a state-sponsored hacking group from China.

The breach, which targeted third-party remote management software used by the department, was first reported by The New York Times and has raised serious cybersecurity concerns.

In a letter to lawmakers obtained by The Verge, the Treasury Department revealed that the attack involved BeyondTrust, the company behind its remote management software. On December 8th, BeyondTrust informed the department of a breach in its system. Hackers reportedly obtained a key to secure BeyondTrust’s cloud-based remote support service, enabling them to override security measures and access Treasury workstations and some unclassified documents.


Following the breach, the Treasury Department collaborated with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to mitigate the threat. “The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” Treasury spokesperson Michael Gwin said in a statement.

The attack is linked to a broader security incident disclosed by BeyondTrust earlier this month. The company reported that hackers exploited a compromised API key for its remote support software, prompting BeyondTrust to revoke the key, notify affected customers, and suspend impacted services.

Gwin emphasized that the Treasury takes cybersecurity threats seriously, highlighting the agency’s efforts to bolster defenses in recent years. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” he stated.

READ
Microsoft Patches Zero-Day Vulnerability in Power Pages Exploited in Attacks

This breach underscores the growing risks posed by supply chain attacks, as malicious actors increasingly target third-party services to infiltrate critical systems. BeyondTrust has yet to provide additional comments on the incident.