US Treasury says computers hacked by Chinese ‘threat actor’

The US Treasury Department said a state-sponsored Chinese hacking operation was able to access third-party software to tap into the desktop computers of Treasury employees in what the department is calling “a major incident.”

In a letter seen by NBC News, Aditi Hardikar, assistant secretary for management at the US Treasury Department, wrote that the office was notified on December 8 of the breach. The letter is addressed to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member, respectively, of the Banking, Housing and Urban Affairs Committee.

The information accessed by the “threat actor” included unclassified documents, according to the letter.

Hardikar wrote that the US Treasury Department was told by “a third-party software provider, BeyondTrust, that a threat actor had obtained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support to Treasury Departmental Offices (DO) end users.”

With this access, the “threat actor” could override certain security measures and enter the department’s user workstations.

The U.S. Treasury Department has been working with the Cybersecurity and Infrastructure Security Agency, the FBI and other members of the intelligence community, as well as “third-party forensic investigators to fully characterize the incident and determine its overall impact,” the letter said.

In a statement to NBC News, a Treasury spokesman cited the contents of the letter, saying that “the compromised BeyondTrust service has been taken offline” and that there is “no evidence that the threat actor has continued access to Treasury systems or information.”

“Treasury takes all threats to our systems and the data they contain very seriously. Over the past four years, Treasury has significantly strengthened its cyber defenses, and we will continue to work with both private and public partners to protect our financial system against threat actors,” the statement reads in part.

Other agencies helped the U.S. Treasury Department deduce that the breach came from a Chinese hacker, according to the letter.

The letter states that a supplementary report will be available in 30 days.