Sen. Tim Scott (R-S.C.), ranking member of the Senate Banking, Housing, and Urban Affairs Committee, and Rep. French Hill (R-Ark.), vice chairman of the House Financial Services Committee, met on Thursday. I wrote demanded from Treasury Secretary Janet Yellen details of a cyberattack on the Treasury Department's computer systems by hackers with ties to the Chinese government.
“This breach of federal information is deeply concerning. As you know, the Treasury Department is releasing the most sensitive information about Americans, including tax information, corporate beneficial ownership, and suspicious activity reports, across the government. ,” Scott and Hill wrote to Yellen.
“This information must be carefully protected from theft and surveillance by foreign adversaries, including the Chinese Communist Party, seeking to harm the United States,” they wrote.
“Thus, the fact that APT attackers backed by the Chinese Communist Party were able to access Treasury Department information systems is unacceptable and raises serious questions about protocols to protect sensitive federal information from future cybersecurity incidents.” ”, the letter concludes.
APT stands for Advanced Persistent Threat and is the hacker group's standard cybersecurity nomenclature. On Monday, the Ministry of Finance revealed Chinese state-sponsored hackers reportedly broke into several workstations and gained access to confidential documents.
Ministry of Finance notified Congress reported that the intruders were able to steal security code keys from a third-party software provider called BeyondTrust, which detected the theft and alerted the Treasury Department on Dec. 8.
The stolen keys gave hackers access to a cloud service that BeyondTrust uses to provide remote technical support to Treasury Department computers. Hackers used this feature to breach Treasury Department security and remotely control multiple workstations.
“The compromised BeyondTrust service is offline and there is no evidence at this time that threat actors continued to access financial information,” Treasury Department Assistant Secretary for Management Aditi Hardika told Congress on Dec. 30. reported.
The Chinese Ministry of Foreign Affairs immediately fired It says US claims about Chinese government involvement in data theft are “unjustified,” “baseless” and “disinformation motivated by political objectives.”
Sen. Scott and Rep. Hill urge Yellen to provide Congress with details about the incident, including which Chinese APT groups were involved and a complete inventory of the information accessed by the hackers, by January 10 at the latest. requested that it be done. Whether the Treasury Department was aware of the security vulnerabilities in the BeyondTrust software before the incident.
The Treasury Department hack occurred just before the end of the year. Fourth major known breach Attacks on U.S. computer systems by hackers linked to the Chinese government. The other three were known as Bolt Typhoon, Flux Typhoon, and Salt Typhoon. Bolt Typhoon targeted oil and water infrastructure, while Salt Typhoon targeted broadband providers and communications services. Flux Typhoon also created a large botnet that, had it not been detected and disabled, could have been used as a weapon to overwhelm and shut down large numbers of computer systems.
Before Scott and Hill sent their letter to Yellen, the Treasury Department said: informed Congress is expected to produce a supplementary report on the cyberattack within 30 days.
On Thursday, washington post reported Suspected Chinese hackers were able to breach the security of the Treasury Secretary's office and the Office of Foreign Assets Control (OFAC), which enforces economic sanctions against foreign countries and individuals. The Treasury Department's Bureau of Financial Investigation was also compromised.
The full story of the cyber attack is do not have The Treasury's first report to Congress made it clear, and perhaps that's why Mr Scott and Mr Hill are urgently seeking further answers.
The Chinese government will have a strong interest in accessing OFAC data, as many of its sanctions are directed at Chinese companies.
“Even access to unclassified information held by OFAC could provide valuable information to the Chinese government, which could be used to build cases against sanctioned organizations and individuals.” said Department of Justice (DOJ) sanctions official David Laufman. Washington Post.
