- The US Treasury Department suffered a cyberattack in late 2024
- CISA has confirmed it does not believe any other agencies were affected
- The hack has been attributed to a Chinese threat actor
The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that there is currently ‘no indication’ that any other federal government agencies were impacted by the recent suspected state-sponsored hack against the US Treasury Department.
The December 2024 hack was declared a ‘major incident’, as key systems were left vulnerable, with the attack resulting in stolen documents and breached systems, and an initial agency assessment concluding the attack was carried out by a ‘China-based Advanced Persistent Threat Actor’, officials said.
By compromising third-party security provider BeyondTrust, attackers were able to gain remote access used by the vendor to override some Treasury Department systems, but despite BeyondTrust supplying security solutions for multiple agencies such as CISA, NSA, and NIST, the Treasury seems to be the only compromised department.
A combined effort
The breach was short lived, with suspicious activity first spotted on December 2, and the Treasury was notified by BeyondTrust on December 8. The Treasury is required by law to provide an update within 30 days, so more details about the nature of the stolen files is likely to be revealed later this month.
China has of course denied any involvement with the breach, and has confirmed the state ‘consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes’.
“CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident,” the agency confirmed in a statement.
“At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.”
You might also like
- Take a look at our pick of the best endpoint protection software
- Japan’s largest telco NTT Docomo disrupted by DDoS attack
- Check out our pick for best antivirus software
