Jan 7, 04:31 AM

CISA Confirms December Treasury Cyberattack by Chinese Hackers Limited to One Agency

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the recent cyberattack on the U.S. Treasury Department in December 2024 did not extend to other federal agencies. The breach, attributed to Chinese state-sponsored hackers, exploited a compromised API key from BeyondTrust, a third-party vendor providing remote support services. The attackers gained access to Treasury workstations and unclassified documents, including those from the Office of Foreign Assets Control, which oversees U.S. sanctions programs. BeyondTrust has since patched vulnerabilities (CVE-2024-12686 and CVE-2024-12356) exploited during the attack. The Treasury Department has imposed sanctions on Beijing Integrity Technology Group, a Chinese cybersecurity firm accused of supporting the hacking group Flax Typhoon. The investigation into the breach is ongoing, with CISA and BeyondTrust collaborating on mitigation efforts. China has denied the allegations, describing them as politically motivated. This incident highlights growing cybersecurity tensions between the U.S. and China, particularly regarding critical infrastructure and sensitive government data.

#CISA #Chinese #BeyondTrust #Treasury #Treasury Department #Beijing Integrity Technology Group #Flax Typhoon #China

Written with ChatGPT (GPT-4o).

Sources

Additional media

Image #1 for story cisa-confirms-december-treasury-cyberattack-chinese-hackers-limited-to-one-8a11cd0b

Image #2 for story cisa-confirms-december-treasury-cyberattack-chinese-hackers-limited-to-one-8a11cd0b

CISA Confirms December Treasury Cyberattack by Chinese Hackers Limited to One Agency

Sources

Additional media

Similar Stories