China Denies Involvement in Breach of US Treasury Workstations
The Chinese government has denied any involvement in a major breach of US Treasury workstations, which occurred earlier this month, gaining remote access to certain unclassified documents. The breach was identified by the BeyondTrust software service provider, which alerted US Treasury officials to the incident on Dec. 8.
Key Details:
Breach Overview: The breach, which was attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor, occurred on Dec. 2 when BeyondTrust detected anomalous behavior in its Remote Support product. The compromised service was taken offline, and there is currently no evidence of continued access to Treasury systems.
China’s Denial: A Chinese embassy spokesperson in Washington rejected any responsibility for the attack, asserting that China “firmly opposes” the US’s “smear attacks” without factual basis.
Ongoing Investigation:
Federal Agencies Involved: The Cybersecurity and Infrastructure Security Agency (CISA), FBI, US intelligence agencies, and third-party forensic investigators are working together to investigate the breach.
Treasury’s Actions: The Treasury Department has since worked to secure its systems, and a 30-day report will be issued to provide further details under the Federal Information Security Modernization Act.
Recent Breaches:
Salt Typhoon Incident: This breach follows a Salt Typhoon attack, where cybercriminals were able to access phone calls and text messages of lawmakers, highlighting the growing threat of cyberattacks targeting US government systems.
The incident is part of a broader trend of increasing cybersecurity threats, with significant breaches affecting both government and crypto industry systems, including $2.3 billion in stolen crypto
