According to a report in the New York Times, the cyberattack accessed US Treasury documents and workstations. The attack was linked to a “Chinese state-sponsored advanced persistent threat actor” and was characterized as a “major cybersecurity incident.”
According to a letter the Treasury Department shared with lawmakers (via TechCrunch), U.S. officials said on Dec. 8 that a third-party software company, BeyondTrust, was using security keys used to provide technical support on workstations and confidential information. Access unauthorized documents.
The Treasury Department said it is working with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to understand the full extent of the breach, but it is unclear how long files and workstations were accessed and what was actually accessed. has not been disclosed. Engadget has contacted the U.S. Treasury Department and will update this article as we learn more.
This cyberattack follows an equally alarming, but still compromised breach of another U.S. carrier in October 2024. The cyberattack was carried out by a Chinese hacker group called “Salt Typhoon.” The attackers had access to unencrypted SMS messages and call records of politicians, government officials and others for several months before the breach was discovered.
