Chinese APT Exploits BeyondTrust API Key to Access U.S. Treasury Systems and Documents
Dec 31, 2024
Vulnerability / Incident Response
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users," the department said in a letter informing the Senate Committee on Banking, Housing, and Urban Affairs. "With access to the stolen key, the threat actor was able to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users." The federal agency said it has been working with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (...