SafetyDetectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

China-Linked Hackers Steal Classified US Documents

Tyler Cross
Tyler Cross Senior Writer
Published on: January 2, 2025
Tyler Cross Tyler Cross
Published on: January 2, 2025 Senior Writer

China-linked threat actors successfully hacked the US Treasury and stole classified documents.

According to a letter released by Treasury members US Senators Tim Scott (R) and Sherrod Brown (D), the department considers it a major incident. The hackers accessed the Department through a third-party service.

BeyondTrust, a cybersecurity firm that worked alongside the government during Covid first discovered the breach on December 8th and promptly alerted the Treasury Department. The firm had a promising future as a close partner with the government and holds over $4 million worth of government contracts, but it’s unclear how this breach will impact their relationship.

After its discovery, CISA and the FBI began to investigate the breach — the investigation is currently ongoing.

A spokesperson for the Chinese Embassy is refuting the accusation, claiming that China “firmly opposes the US smear attacks against China without any factual basis,” Reuters reported.

Supposedly, Chinese hackers breached a third-party vendor that handled US cybersecurity. They hacked into an employee workstation and used a key they stole from that vendor to hack into a cloud service platform that provided technical support to the Treasury Department.

The hackers could “override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

Officials warned that while many citizens will have had their data leaked, it was primarily senior officers who were targeted.

“(The) attackers used the platform like a backdoor on Treasury machines where it was installed,” writes Senior Researcher John Scott-Railton of the Citizen Lab at the University of Toronto.

After the breach was discovered, BeyondTrust was swiftly taken offline. A spokesperson for BeyondTrust assured the public that they were cooperating with the investigation. As of now, the company has not officially confirmed a PRC link.

“Given BeyondTrust’s big client list, makes one wonder if other customers were targeted,” Scott-Railton said.

As of now, the FBI and CISA have not made any public statements.

About the Author
Tyler Cross
Tyler Cross
Senior Writer
Published on: January 2, 2025

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.

Leave a Comment