Vendor Vulnerability Allows Chinese Hackers To Breach Treasury

Chinese hackers have breached the U.S. Treasury Department, exploiting a flaw in third-party cybersecurity vendor BeyondTrust to steal unclassified documents. Officials have described the incident as a “major breach” in a letter to lawmakers.

The attackers used a compromised key to bypass BeyondTrust’s security protocols, enabling remote access to Treasury workstations. The breach exposed unclassified data stored by departmental employees.

BeyondTrust informed Treasury of the breach on December 8, prompting an investigation involving the FBI and CISA. Treasury officials have emphasized their commitment to improving cybersecurity measures, noting recent enhancements to protect sensitive data.

Experts believe the breach is consistent with operations linked to Chinese state-sponsored hacking groups. “This incident fits a well-documented pattern,” said Tom Hegel of SentinelOne, pointing to the attackers’ use of trusted third-party services to gain access.

China’s government has denied involvement, accusing the U.S. of making unsubstantiated claims. BeyondTrust has confirmed a security breach affecting some clients and is working to resolve the issue.

The compromised service has been taken offline, and Treasury officials believe the breach has been contained, though investigations are ongoing.
