UNITED STATES – On December 8, 2024, the US Treasury Department found out that a China state-sponsored Advanced Persistent Threat (APT) actor breached its security.
The report comes from a letter Reuters received on December 30, 2024.
READ: The top AI cybercrime threats and solutions
The correspondence explains that the cloud-based service BeyondTrust provides technical support for Treasury Department Offices (DO) end users.
The APT actor gained a BeyondTrust key to override the service’s security. Consequently, it accessed workstations and accessed unclassified documents.
The US Treasury Department assured Reuters that it’s coordinating with the following parties to investigate the incident:
- Cybersecurity and Infrastructure and Security Agency (CISA)
- Federal Bureau of Investigation (FBI)
- The Intelligence Community
- Third-party forensic investigators
Moreover, the department has taken the BeyondTrust service offline. At the time of writing, “there is no evidence indicating the threat actor has continued access to Treasury information.”
The US Treasury Department considers APT intrusions as major cybersecurity threats. Also, it will share more details in its 30-day supplemental report.