Chinese Hackers Strike Again: U.S. Treasury Breached via Remote Platform Fiasco
Chinese state-sponsored threat actors breached the U.S. Treasury Department by exploiting a remote support platform. The cybercriminals, known as Salt Typhoon, accessed sensitive data using stolen API keys and zero-day vulnerabilities. The incident has prompted a cybersecurity overhaul and a potential ban on China’s telecom operations in the U.S.

Hot Take:
Seems like the U.S. Treasury Department got a little too comfortable with BeyondTrust’s remote support platform, and now they’ve learned the hard way that Chinese state-sponsored hackers don’t take holidays. Maybe it’s time to invest in some old-fashioned vaults and carrier pigeons for secure communications?

Key Points:
- A Chinese state-sponsored group breached the U.S. Treasury Department via a remote support platform.
- The breach was first discovered on December 8th, after the vendor BeyondTrust notified the Treasury Department.
- Threat actors exploited two zero-day vulnerabilities in BeyondTrust’s Remote Support SaaS.
- The FBI and CISA have been involved in the investigation, and access has reportedly been revoked.
- Similar hacks have targeted major U.S. telecom companies, prompting calls for encrypted communications.