The United States Treasury Department reported a significant cybersecurity incident, revealing that suspected Chinese threat actors gained remote access to some of its computers and unclassified documents.
On December 8, 2024, Treasury was informed by BeyondTrust, its third-party service provider, about unauthorized access related to a key securing a cloud-based service for technical support.
The FBI and CISA are involved in two-fold analyses since available evidence indicates the involvement of a state-sponsored Advanced Persistent Threat actor linked to China.
BeyondTrust has publicly acknowledged the digital intrusion, stating it allowed attackers to breach certain Remote Support instances, but they have taken actions like revoking the API key.
Collection
[
|
...
]