A Chinese state-sponsored actor broke into the US Treasury department earlier this month and stole documents from its offices, according to a letter to lawmakers provided to Reuters on Monday.
The actor built a third-party cybersecurity service provider, BeyondTrust. They could access the forum to the factories and some unspeakable documents.
According to the letter, hackers accessed the key used by the vendor to obtain a cloud service used to provide remote technical support for departmental treasury (DO) end users. With access to the stolen key, the threat actor was able to compromise the security of the service, remotely access the operations of certain Treasury DO users, and access certain unclassified documents maintained by those users.”
There is no evidence that the entity continued to access the department’s systems.
After being alerted by BeyondTrust, the Treasury Department contacted the Cybersecurity and Infrastructure Security Agency (CISA) and is cooperating with law enforcement to assess the impact.
Beyond Trust, CISA and the FBI did not immediately respond to Reuters requests for comment.