The attack was able to exploit vulnerabilities in a third-party service provider to gain access to documents.
The US Department of Treasury revealed in a letter sent on 30 December 2024 that it suffered a “major” cybersecurity incident, which it attributed to a Chinese state-sponsored threat actor.
Yesterday (1 January), the Washington Post revealed that the cyberattack affected the Office of Foreign Assets Control, which administers and enforces economic and trade sanctions in support of national security and foreign policy objectives. Government officials said this reflected Beijing’s determination to acquire intelligence on the US, one of China’s major economic and political rivals. However, China has denied any involvement in the attack.
Moreover, the Chinese government could also be interested in determining entities that the US government might be considering for financial sanctions, the publication reports – as part of a dispute between the two nations that has ramped up in recent months with the US placing its third clampdown on the Chinese semiconductor industry in three years in a bid to impair the country’s semiconductor production capabilities.
The treasury department was notified by the third-party software service provider BeyondTrust on 8 December that a threat actor gained access to a key used by the vendor to secure services which provide remote tech support to the department’s end users. Through the stolen key, the threat actor was able to access unclassified documents maintained by the users, the letter revealed.
According to the letter, the incident was attributed to a China state-sponsored advanced persistent threat actor, but government officials said that lax cybersecurity employed by third-party vendors led to the cyber incident.
However, Liu Pengyu, the Chinese Embassy’s spokesperson in Washington, called the claim “irrational” and “without any factual basis”, representing “smear attacks” against Beijing, while the Chinese Foreign Ministry called the claims “groundless” and said that Beijing “has always opposed all forms of hacker attacks”.
On 18 December, service provider BeyondTrust identified a “medium-severity vulnerability” within its remote support and access products, which the company said it has since patched.
Last month, Salt Typhoon, a well-known Chinese hacking group, breached at least eight US telecommunications providers with the intention of spying on US political figures, while a Chinese “state-sponsored” botnet attack by Flax Typhoon, another Chinese hacking group, was foiled by the US government in September.