15 January 2025

U.S. Treasury Hackers Target Sanctions and Intelligence, Report Reveals

Washington: So, it turns out that Chinese state-sponsored hackers really got into the US Treasury Department. They accessed over 400 computers, mainly targeting staff involved with sanctions and international affairs. This information comes from a report reviewed by Bloomberg.
The report, which was sent to Congress, gives a clearer picture of this foreign intrusion into a key agency that handles the national debt and economic policy. It also mentions that there’s no sign the hackers were trying to stay in the system for long-term spying, and no malware was found on the affected devices.



After the breach was discovered, the Treasury quickly reported it to the Cybersecurity and Infrastructure Security Agency and sought help from the FBI and other agencies. The hackers, known as Silk Typhoon, were careful to work outside regular hours to avoid getting caught.
Chinese officials have denied any involvement, calling the accusations baseless. The hackers focused on specific offices within the Treasury and even accessed personal financial documents of employees.
As investigations continue, Treasury staff are set to brief Senate members about the incident. They’ve also cut ties with the contractor involved, BeyondTrust, and are looking for other options to ensure better security in the future.


==

Hacking Group 'Silk Typhoon' Linked to US Treasury Breach

The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department's Office of Foreign Assets Control.


NEWS BRIEF

The Chinese threat actor group known as "Silk Typhoon" has been linked to the December 2024 hack on an agency that's part of the US Department of the Treasury.
In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).
Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations. 
