US Treasury Department breached through remote support platform
The latest news on the US Treasury Department breach involves a significant security incident attributed to Chinese state-sponsored hackers. Here are the key details:
Incident Overview:
- Attribution: The breach has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor, specifically named "Salt Typhoon" in some reports.
- Method of Breach: The hackers compromised a remote support platform provided by BeyondTrust, a privileged access management company. They used a stolen Remote Support SaaS API key to reset passwords and gain further privileged access to the Treasury Department's systems.
- Impact: The hackers accessed government employee workstations and obtained non-classified documents through the compromised API key.
- Timeline: The breach was first detected on December 8, 2024, when a third-party firm flagged the illicit access. The Treasury Department immediately notified lawmakers and began working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact.
Security Measures:
- Response: The Treasury Department has taken swift action, including shutting down all compromised instances of the remote support platform and revoking the stolen API key.
- Cyber Defense: The Treasury Department has bolstered its cyber defenses over the last four years and continues to work with private and public sector partners to protect the financial system from threat actors.
Related Developments:
- Telecom Hacks: The same threat actors, "Salt Typhoon," have been linked to recent hacks of nine U.S. telecommunication companies, including Verizon, AT&T, Lumen, and T-Mobile. These breaches targeted the text messages, voicemails, and phone calls of specific individuals, as well as wiretap information.
- Government Response: In response to these telecom breaches, CISA has urged senior government officials to switch to end-to-end encrypted messaging apps like Signal to reduce the risk of communication interception. The U.S. government also plans to ban China Telecom's last active U.S. operations.
This incident highlights the ongoing threat of state-sponsored cyberattacks and the importance of robust cybersecurity measures in protecting sensitive government data.