US Treasury

The US Treasury Department suffered a security breach in which attackers exploited vulnerabilities in BeyondTrust's remote technical support software to gain unauthorized access to Treasury workstations and certain unclassified documents. The attackers obtained an authentication key that BeyondTrust used to secure the cloud-based support service, and with it they bypassed the service's security controls and reached Treasury systems; the data they accessed was unclassified. The intrusion was attributed to a China state-sponsored APT actor. Although the compromised service was taken offline, Treasury classified the breach as a major cybersecurity incident and is investigating it together with the FBI, CISA, and the intelligence community.

Source: https://www.wired.com/story/us-treasury-hacked-by-china/

TPRM report: https://scoringcyber.rankiteo.com/company/us-treasury

"id": "us-000010925",
"linkid": "us-treasury",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'United States',
                        'name': 'US Treasury Department',
                        'type': 'Government Agency'}],
 'attack_vector': "Exploited vulnerabilities in BeyondTrust's remote tech "
                  'support software',
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'Unclassified',
                 'type_of_data_compromised': 'Unclassified documents and '
                                             'authentication key'},
 'description': 'The US Treasury Department experienced a security breach '
                "where attackers exploited vulnerabilities in BeyondTrust's "
                'remote tech support software, leading to unauthorized access '
                'to Treasury computers and certain unclassified documents. '
                'Attackers stole an authentication key, compromising '
                'unclassified data. The incident was linked to a China '
                'state-sponsored APT actor. While the compromised service was '
                'taken offline, the breach was classified as a major '
                'cybersecurity incident, prompting collaboration with the FBI, '
                'CISA, and the intelligence community for investigation.',
 'impact': {'data_compromised': 'Unclassified documents and authentication key',
            'systems_affected': 'Treasury Department computers'},
 'investigation_status': 'Ongoing',
 'motivation': 'Data theft',
 'response': {'containment_measures': ['Taking compromised service offline'],
              'law_enforcement_notified': True,
              'third_party_assistance': ['FBI',
                                         'CISA',
                                         'Intelligence Community']},
 'threat_actor': 'China state-sponsored APT actor',
 'title': 'US Treasury Department Security Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': "BeyondTrust's remote tech support software"}