US Treasury Department

In early December 2024, hackers gained remote access to US Treasury Department computers and compromised certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, the attackers stole an authentication key that enabled system access. The breach was attributed to a Chinese state-sponsored APT actor, and no ongoing access was found. The incident prompted collaboration with the FBI, CISA, and intelligence agencies on a comprehensive evaluation.

Source: https://www.wired.com/story/us-treasury-hacked-by-china/

TPRM report: https://scoringcyber.rankiteo.com/company/us-treasury

"id": "us-000010125",
"linkid": "us-treasury",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Public Administration',
                        'location': 'United States',
                        'name': 'US Treasury Department',
                        'type': 'Government Agency'}],
 'attack_vector': 'Remote Access',
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'Low',
                 'type_of_data_compromised': 'Unclassified documents'},
 'date_detected': '2024-12-01',
 'description': 'A breach in early December 2024 at the US Treasury Department '
                'involved remote access by hackers to Treasury computers, '
                'compromising certain unclassified documents. By exploiting '
                'vulnerabilities in remote support software from BeyondTrust, '
                'identified as CVE-2024-12356 and CVE-2024-12686, attackers '
                'stole an authentication key, enabling system access. Despite '
                'the breach being attributed to a Chinese state-sponsored APT '
                'actor, no ongoing access was found. The incident sparked '
                'collaborations with FBI, CISA, and intelligence agencies for '
                'a comprehensive evaluation.',
 'impact': {'data_compromised': 'Unclassified documents',
            'systems_affected': 'Treasury computers'},
 'initial_access_broker': {'entry_point': 'Remote support software from '
                                          'BeyondTrust'},
 'motivation': 'Data Theft',
 'post_incident_analysis': {'root_causes': 'Vulnerabilities in remote support '
                                           'software'},
 'response': {'law_enforcement_notified': True,
              'third_party_assistance': ['FBI',
                                         'CISA',
                                         'intelligence agencies']},
 'threat_actor': 'Chinese state-sponsored APT actor',
 'title': 'US Treasury Department Breach',
 'type': 'Breach',
 'vulnerability_exploited': ['CVE-2024-12356', 'CVE-2024-12686']}