Security Week

Chinese hackers accessed U.S. Treasury Department workstations and unclassified documents after exploiting a vulnerability in a cloud-based service operated by BeyondTrust, which supports technical operations for the department. The breach was described as a "major cybersecurity incident," attributed to a China state-sponsored Advanced Persistent Threat (APT) actor, though the Treasury has not disclosed the full extent of the impact. The attackers compromised an API key securing BeyondTrust's remote support service, bypassing its security measures to gain unauthorized access. In response, the Treasury engaged CISA, the FBI, the Intelligence Community, and forensic investigators, taking the compromised service offline and mitigating further threats. This incident follows broader concerns over Chinese cyberespionage campaigns, including the "Salt Typhoon" operation, which compromised communications data from multiple U.S. telecommunications companies.
