In a letter to lawmakers seen by The Verge, the Treasury Department said BeyondTrust, the company behind its remote management software, notified the agency of a breach on December 8th.
The threat actor stole a key used by BeyondTrust 'to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.' With the key, they overrode the security to remotely access those users' workstations and 'some unclassified documents' they maintained.
The Treasury Department said it worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI following the attack, which has been attributed to a China state-sponsored Advanced Persistent Threat (APT) hacker.
'Treasury takes very seriously all threats against our systems, and the data it holds,' Gwin said. 'Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners.'