U.S. Treasury Suffers Major Cyberattack Linked to China: Key Details Revealed


The U.S. Treasury faced a major cyberattack in December, attributed to Chinese hackers. Learn about the breach, its implications, and responses from both nations.


The Scope of the Attack

The U.S. Treasury disclosed a significant cybersecurity breach in December, attributing the attack to Chinese government-backed hackers. A letter sent to senior U.S. House lawmakers revealed that the attackers gained remote access to Treasury employee workstations and unclassified documents, marking the incident as a “major cybersecurity breach.”
The notification came from BeyondTrust, a tech company specializing in identity access and remote support, on December 8. Hackers reportedly exploited a key used by BeyondTrust to provide remote access technical support for Treasury employees. While BeyondTrust had acknowledged the incident earlier, it remains unclear how the hackers obtained the critical access key. Efforts to contact BeyondTrust for additional information have gone unanswered.

Response and Attribution

Following the breach, the Treasury engaged the Cybersecurity and Infrastructure Security Agency (CISA) for assistance. As of December 30, officials confirmed no evidence of ongoing access by the threat actors. Treasury spokesperson Michael Gwin stated that hackers accessed “several user workstations and unclassified documents,” emphasizing the department’s commitment to fortifying its cyber defenses in collaboration with public and private partners.
The department attributed the attack to a Chinese state-sponsored advanced persistent threat (APT) group, though specifics about the group remain undisclosed. This marks another instance of cyber aggression tied to Chinese entities targeting U.S. government systems in recent months. Notably, hackers associated with China, referred to as Salt Typhoon, previously targeted U.S. telecommunications providers like AT&T and Verizon to access private communications of high-profile individuals, including presidential candidates.

China’s Response

The Chinese government, through Liu Pengyu, a spokesperson for its embassy in Washington, D.C., denied any involvement, criticizing the United States for failing to present evidence substantiating its claims. This denial follows a pattern of rebuttals from Chinese officials in response to allegations of cyber activities targeting the U.S.

Implications and Future Preparedness

This breach underscores the persistent vulnerabilities in U.S. government systems despite ongoing efforts to enhance cybersecurity measures. The Treasury highlighted its improved defenses over the past four years, but this incident reveals gaps that sophisticated adversaries continue to exploit.
The attack also raises concerns about the broader implications of state-sponsored cyber activities. As geopolitical tensions escalate, cybersecurity remains a critical front in safeguarding national interests, protecting sensitive information, and maintaining public trust.

(Disclaimer: This article is based on publicly available information and statements from relevant authorities. The claims and attributions are subject to further verification.)
