A breach in early December 2024 at the US Treasury Department involved remote access by hackers to Treasury computers, compromising certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, the attackers stole an authentication key that enabled access to the systems. The breach was attributed to a Chinese state-sponsored APT actor; no ongoing access was found. The incident prompted collaboration with the FBI, CISA, and intelligence agencies on a comprehensive evaluation.
Source: https://www.wired.com/story/us-treasury-hacked-by-china/
TPRM report: https://scoringcyber.rankiteo.com/company/us-treasury
{
  "id": "us-000010125",
  "linkid": "us-treasury",
  "type": "Breach",
  "date": "12/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Public Administration',
                        'location': 'United States',
                        'name': 'US Treasury Department',
                        'type': 'Government Agency'}],
 'attack_vector': 'Remote Access',
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'Low',
                 'type_of_data_compromised': 'Unclassified documents'},
 'date_detected': '2024-12-01',
 'description': 'A breach in early December 2024 at the US Treasury Department involved remote access by hackers to Treasury computers, compromising certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, attackers stole an authentication key, enabling system access. Despite the breach being attributed to a Chinese state-sponsored APT actor, no ongoing access was found. The incident sparked collaborations with FBI, CISA, and intelligence agencies for a comprehensive evaluation.',
 'impact': {'data_compromised': 'Unclassified documents',
            'systems_affected': 'Treasury computers'},
 'initial_access_broker': {'entry_point': 'Remote support software from BeyondTrust'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'root_causes': 'Vulnerabilities in remote support software'},
 'response': {'law_enforcement_notified': True,
              'third_party_assistance': ['FBI', 'CISA', 'intelligence agencies']},
 'threat_actor': 'Chinese state-sponsored APT actor',
 'title': 'US Treasury Department Breach',
 'type': 'Breach',
 'vulnerability_exploited': ['CVE-2024-12356', 'CVE-2024-12686']}