Posted on Dec 31, 2024
Chinese Hackers Breached Workstations, Stole Documents, Treasury Department Says
Responses: 5
OK, this is what I find concerning (breaking it down from a cybersecurity perspective).
"On Dec. 8, Chinese state-sponsored hackers compromised a third-party software service provider, Beyond Trust, accessing certain unclassified documents, according to the letter by Aditi Hardikar, an assistant Treasury secretary.
The letter stated that the hackers gained “access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”"
Beyond Trust, mentioned in the article as the 3rd party software service provider, is a privileged identity management service. In other words, a service which manages the identity and access for their clients' environments (i.e., the DOT in this case). Their objective is to prevent identity/access intrusions by keeping the accounts segmented appropriately (with the appropriate detecting/alerting controls). So to hear the Chinese compromised a Beyond Trust access key used for remote support to the DOT makes me wonder if they compromised other Beyond Trust clients too. Also, I'm curious to know what the access requirements were for that vendor to access the environment remotely. Was their system government issued/maintained? Was there two-factor authentication? Do they use a VPN/jump server?
My brief experiences working with DOT led me to believe they take cybersecurity seriously, but I think they certainly dropped the ball here.
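The questions the comment above raises (was there MFA, was access forced through a jump server, and were the right detection controls in place) can be turned into a concrete check. The following is an added example and is not code from the article, the commenter, BeyondTrust, or the Treasury. It scans constructed remote-support session records and flags any session that authenticated with only an API key and no MFA, arrived from outside an assumed jump-host allowlist, or targeted a workstation outside the assumed support scope; it also reports any key that was ever used from outside the allowlist, which is the pattern a stolen vendor key would produce. The log format, field names, IP ranges, hostname prefix and allowlist are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Assumed policy (not from the article): vendor support traffic must originate
# from these jump hosts, and every session must carry an MFA-verified named user.
JUMP_HOST_ALLOWLIST = [ipaddress.ip_network("203.0.113.0/29")]  # TEST-NET-3, constructed
SUPPORT_SCOPE_PREFIX = "DO-WS-"  # assumed naming for workstations the contract covers

# Constructed sample log lines in an assumed key=value format; "user=-" means the
# session was established with a bare vendor API key and no named user.
SAMPLE_LOG = [
    "session_id=s1 user=jdoe key=k-42 mfa=true src=203.0.113.5 target=DO-WS-0017",
    "session_id=s2 user=- key=k-42 mfa=false src=198.51.100.77 target=DO-WS-0021",
    "session_id=s3 user=asmith key=k-42 mfa=true src=203.0.113.6 target=FIN-SRV-02",
]


@dataclass
class Session:
    session_id: str
    vendor_user: Optional[str]  # None when only an API key was presented
    api_key_id: str
    mfa_verified: bool
    source_ip: str
    target_host: str


def parse_line(line: str) -> Session:
    """Parse one key=value record into a Session (assumed log format)."""
    fields = dict(token.split("=", 1) for token in line.split())
    return Session(
        session_id=fields["session_id"],
        vendor_user=None if fields["user"] == "-" else fields["user"],
        api_key_id=fields["key"],
        mfa_verified=fields["mfa"].lower() == "true",
        source_ip=fields["src"],
        target_host=fields["target"],
    )


def from_allowed_jump_host(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in JUMP_HOST_ALLOWLIST)


def evaluate(s: Session) -> List[str]:
    """Return the policy violations for a single session (empty list if clean)."""
    findings = []
    if s.vendor_user is None:
        findings.append("key-only authentication: no named vendor user")
    if not s.mfa_verified:
        findings.append("no MFA on session")
    if not from_allowed_jump_host(s.source_ip):
        findings.append(f"source {s.source_ip} outside jump-host allowlist")
    if not s.target_host.startswith(SUPPORT_SCOPE_PREFIX):
        findings.append(f"target {s.target_host} outside support scope")
    return findings


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map session_id -> findings, including only sessions with at least one finding."""
    result = {}
    for s in map(parse_line, lines):
        findings = evaluate(s)
        if findings:
            result[s.session_id] = findings
    return result


def keys_used_off_allowlist(lines: List[str]) -> Set[str]:
    """API key IDs seen from outside the jump-host allowlist: candidates for a stolen key."""
    return {
        s.api_key_id
        for s in map(parse_line, lines)
        if not from_allowed_jump_host(s.source_ip)
    }


if __name__ == "__main__":
    for sid, findings in scan(SAMPLE_LOG).items():
        print(sid, "->", "; ".join(findings))
    print("keys used off allowlist:", sorted(keys_used_off_allowlist(SAMPLE_LOG)))
```

In the constructed data, session s2 is the one that matches the scenario described in the letter: no named user, no MFA, and a source address that never passed through a jump host. Session s3 shows why scope matters even for a legitimately authenticated vendor user, and the key-level report (k-42 seen off the allowlist) is the signal that should trigger immediate key rotation rather than a per-session review.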
Unfortunately, what an ironically named service provider.
We need to stop acting like the Chinese are our economic friends. Their new 'long march' is intellectual property theft and world domination.