FOLLOW US

Chinese state-sponsored hackers, identified as Salt Typhoon, have escalated their cyberattacks on the United States, breaching the U.S. Treasury Department's security systems.

Treasury Department Targeted

 The Treasury described this breach as a "major incident," revealing the severity of the attack in a letter to lawmakers.

According to Reuters, the hackers exploited vulnerabilities in a third-party software service provider to access Treasury Department workstations and unclassified documents.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the department explained.

However, officials withheld specific details about the number of workstations compromised or the types of documents accessed.

Officials indicated that a significant number of Americans, particularly in the Washington-Virginia area, could be affected. However, the full scope of the breach remains uncertain.

https://usaherald.com/charges-filed-in-death-of-one-direction-singer-liam-payne/

Salt Typhoon Espionage Attacks

The Biden administration disclosed that Salt Typhoon has also targeted at least eight telecommunications companies and numerous countries.

Previously, nine U.S. telecom firms were compromised in a Chinese espionage campaign. These hackers accessed private texts and phone conversations of Americans, raising national security alarms.

A letter to lawmakers acknowledged the Treasury breach, stating, “At this time, there is no evidence indicating the threat actor has continued access to Treasury information.” The incident is being investigated as a “major cybersecurity event.”

BeyondTrust Compromised

Salt Typhoon’s breach extended to BeyondTrust, a Georgia-based third-party cybersecurity service provider.

Exploiting vulnerabilities in BeyondTrust’s remote support product, the hackers accessed unclassified documents. BeyondTrust confirmed the breach, stating that they had identified and mitigated the issue in early December 2024.

“We notified the limited number of customers who were involved and informed law enforcement,” a BeyondTrust spokesperson said.

The company continues to support investigative efforts alongside the U.S. Treasury, the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI.

The Treasury letter attributed the attack to a “China state-sponsored Advanced Persistent Threat (APT) actor,” emphasizing the increasing prominence of cyberattacks that exploit trusted third-party services.

U.S. Response to Salt Typhoon

In response to the attack, Deputy National Security Adviser Anne Neuberger issued guidance to companies on detecting Chinese cyber activity within their networks.