US Treasury Says Chinese Hackers Stole Documents In 'Major Incident' (reuters.com)
- Reference: 0175797833
- News link: https://yro.slashdot.org/story/24/12/30/210242/us-treasury-says-chinese-hackers-stole-documents-in-major-incident
- Source link: https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
> Chinese state-sponsored hackers [1]broke into the U.S. Treasury Department earlier this month and stole documents from its workstations, according to a letter to lawmakers that was provided to Reuters on Monday. The hackers compromised a third-party cybersecurity service provider and were able to access unclassified documents, the letter said, calling it a "major incident."
>
> According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users." After being alerted by cybersecurity provider BeyondTrust, the Treasury Department said it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack's impact.
Developing...
[1] https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
So public info then? (Score:3)
If the US government doesn't classify something you can be sure it's totally inconsequential public information. The most damage this likely did was to the individual employees' privacy.
But it might've been just luck that nothing juicy was handled on these workstations.
Oy Vey (Score:4, Insightful)
Oh, the irony...their cybersecurity service provider was also their primary security vulnerability.
A recurring issue in modern systems security.
Yeah. (Score:2)
Security is kind of expensive to implement. It is, in fact, more than zero dollars above the cost of implementing features that basically work, and that makes it too expensive for most for-profit businesses to bother.
Even when lives are on the line, as we have seen with medical devices and hospital hacks.
In my past jobs I have sometimes found myself in the position of trying to justify spending more for security measures to protect against attacks that the business team thinks are unlikely or only possible
"Major" doesn't necessarity mean major (Score:3, Informative)
The US government classifies a breach as "major" if it's undertaken by a nation-state.
"Major" has nothing to do with the actual extent of the breach, just who's behind it.
What is "worst" here is the lack of IT security (Score:3)
Chinese hackers are not that great or powerful. If they get into critical systems, these systems were incompetently secured. Time to make such crap have _personal_ consequences for the decision makers or it will only get worse.
Re: (Score:2)
So that there is someone else to blame. Also it is the government, so it is also so that some politician's friend's company gets the fat contract.
Remote Management == RAT (Score:2)
The features that a remote management tool provides are pretty much identical to a remote access trojan, plus bonus ability to do things like remotely lock and purge laptops. We've seen this abused in attacks on iCloud users:
[1]https://www.wired.com/2012/08/... [wired.com]
"In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my Appl
[1] https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
RTO (Score:2)
Ah, this is how they will enforce an RTO mandate and get a 70% attrition rate.
Excluding janitors and maintenance people, only 3% of Federal workers go to work at the office.
Maybe for NatSec stuff that's a bad idea. Plenty of private sector opportunities for the pajama class.
And to be clear I would rather be in the pajama class than work in DC.
Did you do your BOI Reports? (Score:2)
The Dept of Treasury is the group responsible for maintaining a new invasive database of identification for every small business owner in the US. This is called a BOI report.
For now courts have an injunction blocking the BOI report mandate, thank goodness. Once again privacy experts were correct. Don't overshare your info with the government.
Mergers and Acquisitions strikes again. (Score:2)
According to CNN, that third party was [1]BeyondTrust [wikipedia.org]. Just look at the ownership history of that company and the trademarked name. It's like a game of hot potato.
It is now owned by a private equity firm, how can anyone be shocked that this happened?
[1] https://en.wikipedia.org/wiki/BeyondTrust
What's the over / under? (Score:2)
In weeks, that is, before we learn that classified documents were also stolen?
Re: (Score:2)
Not sure what classified information the treasury would have.
What they probably have plenty of is CUI, "Controlled Unclassified Information"; stuff that is not public, but is access-controlled.