Thursday, January 23, 2025
HomeCyber Security NewsUS Treasury Department Breach, Hackers Accessed Workstations

US Treasury Department Breach, Hackers Accessed Workstations

Published on

SIEM as a Service

Follow Us on Google News

The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department, gaining unauthorized access to employee workstations and unclassified documents.

This revelation follows a string of sophisticated surveillance operations targeting key American institutions.

The intrusion, attributed to a Chinese Advanced Persistent Threat (APT) actor, was identified on Dec. 8 by third-party software provider BeyondTrust, which flagged that hackers had exploited a security key to infiltrate Treasury systems.

Treasury officials reported that their investigation, conducted with the FBI and the intelligence community, classified the breach as a “major cybersecurity incident,” though they emphasized no current evidence indicates the hackers still have access.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

BeyondTrust Security Flaws Exploited

The breach exploited vulnerabilities in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products.

The cybersecurity firm has since disclosed critical flaws (CVE-2024-12356 and CVE-2024-12686) that allowed unauthorized system command execution. The compromised service has been taken offline, and Treasury officials assured that security measures are being bolstered to prevent future attacks.

While the exact objectives of the breach remain unclear, senior U.S. officials suggested it was likely an espionage operation rather than an attempt to disrupt critical infrastructure.

The Treasury Department is a prime target for foreign intelligence, given its oversight of global financial systems and its role in implementing sanctions—many of which impact Chinese firms aiding Russia in its war against Ukraine.

The hackers’ access to Treasury workstations could provide insights into U.S. financial strategies and China’s faltering economy.

This incident follows earlier reports of Chinese cyber intrusions into the email accounts of key U.S. officials, including Commerce Secretary Gina Raimondo, amid deliberations on semiconductor export controls.

The attack on the Treasury Department is part of a broader pattern of Chinese cyber activity. Earlier this year, a Chinese hacking group known as Salt Typhoon infiltrated nine U.S. telecommunications firms, accessing sensitive phone conversations and text messages.

Alarmingly, the hackers obtained information about Justice Department wiretaps, potentially giving the Chinese government insight into American counterintelligence operations.

Beijing has denied the allegations, with Chinese Foreign Ministry spokeswoman Mao Ning dismissing them as “groundless” and accusing the U.S. of spreading misinformation for political purposes.

The Treasury Department has pledged to present a detailed report to Congress in the coming weeks, as federal agencies and private-sector partners work together to strengthen cybersecurity.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...