newsweekshowcase.com

The Treasury says Chinese hackers were involved in a cyber incident

Treasury Department: Hacking into a Computer Service Provider: A U.S. Treasury Observer’s Letter to the Senate Banking Committee

The United States Treasury Department said Monday that Chinese hackers accessed its systems after compromising a software service provider.

The department takes threats against its systems very seriously, according to a statement. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”

The revelation comes at a time when U.S. officials are trying to understand how Chinese officials were able to get into the phones of an unknown number of Americans. A top White House official said Friday that the number of telecommunications companies confirmed to have been affected by the hack has now risen to nine.

The attackers exploited vulnerabilities in remote tech support software provided by the identity and access management firm BeyondTrust, and Treasury said in its letter to lawmakers that “the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.” Reuters first reported the disclosure and its contents.

The compromised service has since been taken offline, and there’s no evidence that the hackers still have access to department information, Aditi Hardikar, an assistant Treasury secretary, said in the letter Monday to leaders of the Senate Banking Committee.

The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency and others to investigate the impact of the hack, and that the hack had been attributed to Chinese state-sponsored culprits. It did not elaborate.

The BeyondTrust alert mentions two exploited vulnerabilities involved in the situation—the critical command injection vulnerability “CVE-2024-12356” and the medium-severity command injection vulnerability “CVE-2024-12686.” CISA added the former CVE to its “Known Exploited Vulnerabilities Catalog” on December 19. Command injection vulnerabilities are common application flaws that can be easily exploited to gain access to a target’s systems.
