Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

BumRushDaShow

(149,992 posts)
Mon Dec 30, 2024, 06:34 PM Dec 2024

U.S. Treasury says its computers were hacked by a Chinese 'threat actor' in a 'major incident'

Source: NBC News

Dec. 30, 2024, 4:50 PM EST


he U.S. Treasury department said a state-sponsored Chinese hacking operation was able to use third-party software to access the desktop computers of Treasury employees in what the department is calling "a major incident."

In a letter seen by NBC News, Aditi Hardikar, assistant secretary for management of the U.S. Department of the Treasury, wrote that the office was notified on Dec. 8 of the breach. The letter is addressed to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member, respectively, of the Committee on Banking, Housing and Urban Affairs.

Hardikar wrote that the U.S. Treasury was told by "a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users." With this access, the "threat actor" was able to override certain security measures and access the department office user workstations. The information accessed by the "threat actor" was unclassified documents.

The U.S. Treasury has been working with Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and other members of the intelligence community, as well as "third-party forensic investigators to fully characterize the incident and determine its overall impact," according to the letter.

Read more: https://www.nbcnews.com/tech/security/us-treasury-says-computers-hacked-chinese-threat-actor-rcna185809

24 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
U.S. Treasury says its computers were hacked by a Chinese 'threat actor' in a 'major incident' (Original Post) BumRushDaShow Dec 2024 OP
How much damage was done? Irish_Dem Dec 2024 #1
As dlk says below, "We'll never know" erronis Dec 2024 #7
We keep taking one major hacker hit after another. Irish_Dem Dec 2024 #8
LOL ananda Dec 2024 #10
It was a rhetorical question. Irish_Dem Dec 2024 #12
LOL again ananda Dec 2024 #19
Well, imho, I'm sure every valid entity in the US and the world is under some sort of cyber attack. Either by SWBTATTReg Dec 2024 #2
We'll never know dlk Dec 2024 #3
The Chinese are at war with the US and doing quite a bit of damage. Irish_Dem Dec 2024 #9
This message was self-deleted by its author Chin music Dec 2024 #22
As Edward R. Murrow said: "Good night. And good luck." Truer words never spoken. We are needing some luck. BS crazy. Evolve Dammit Dec 2024 #4
BeyondTrust? This is the vendor who caused the problem. BeyondTrust. SMH n/t SupportSanity Dec 2024 #5
No, this is the organization that detected the breach - as far as I can tell. erronis Dec 2024 #13
Wrong pimpbot Dec 2024 #16
Right you are. Thanks for correcting my mis-interpretation. erronis Dec 2024 #17
Report at DocumentCloud usonian Dec 2024 #6
This should not be happening. Someone or Someones are asleep at the switch here. Joinfortmill Dec 2024 #11
Lots of "switches" here. All the way from the target back through all the suppliers. erronis Dec 2024 #14
Well, after January 20th they won't need to hack to get in drray23 Dec 2024 #15
Recommended True Dough Dec 2024 #18
They should've waited... DingleBerryNW Dec 2024 #20
This message was self-deleted by its author Chin music Dec 2024 #21
I had an account when the interest rate was north of 9% and was loving it! wolfie001 Dec 2024 #23
Are hackers using AI yet? IcyPeas Dec 2024 #24

erronis

(18,659 posts)
7. As dlk says below, "We'll never know"
Mon Dec 30, 2024, 07:23 PM
Dec 2024

Even if the US authorities (FBI, CISA, etc.) do uncover some of the traces of the infection, it will not be disclosed to the public.

1. You don't want your adversaries to know what you have uncovered;
2. The public has no right for full disclosures. (sarcasm)

Irish_Dem

(67,214 posts)
8. We keep taking one major hacker hit after another.
Mon Dec 30, 2024, 07:29 PM
Dec 2024

And no one tells us how bad it is.

What do the Chinese want from the US Treasury?

Irish_Dem

(67,214 posts)
12. It was a rhetorical question.
Mon Dec 30, 2024, 07:51 PM
Dec 2024

But how do they pull off the heist?
Don't they have to physically get the contents?

SWBTATTReg

(25,068 posts)
2. Well, imho, I'm sure every valid entity in the US and the world is under some sort of cyber attack. Either by
Mon Dec 30, 2024, 06:40 PM
Dec 2024

foreign entities, or persons of ill-repute, trying to make a few bucks scamming the system somehow.

The world out there is NOT safe people. If you have an online presence, protect it at all costs. Avoid questionable sites. And perhaps use a separate ID to get into banking etc. sites vs. a media site, such as DU, facebook, etc.

dlk

(12,612 posts)
3. We'll never know
Mon Dec 30, 2024, 06:41 PM
Dec 2024

The infiltration of Chinese hackers into America is much more pervasive than we will ever be told.

Irish_Dem

(67,214 posts)
9. The Chinese are at war with the US and doing quite a bit of damage.
Mon Dec 30, 2024, 07:30 PM
Dec 2024

We are told over and over about the "major" attacks.

We know it is not good news.

Response to Irish_Dem (Reply #9)

Evolve Dammit

(20,429 posts)
4. As Edward R. Murrow said: "Good night. And good luck." Truer words never spoken. We are needing some luck. BS crazy.
Mon Dec 30, 2024, 07:10 PM
Dec 2024

erronis

(18,659 posts)
13. No, this is the organization that detected the breach - as far as I can tell.
Mon Dec 30, 2024, 07:52 PM
Dec 2024

There is no mention of the vendor who had its software/hardware hacked but frequent candidates are network infrastructure, common "secure" software interconnections (FortiNet), and even software that is supposed to monitor for anomalies.

pimpbot

(1,068 posts)
16. Wrong
Mon Dec 30, 2024, 09:04 PM
Dec 2024

Read the letter posted below in this thread. It explicitly says the Chinese compromised a beyondtrust service and used it to gain access.

usonian

(16,849 posts)
6. Report at DocumentCloud
Mon Dec 30, 2024, 07:19 PM
Dec 2024
https://www.documentcloud.org/documents/25472754-12/

One page only.



Pretty distinctive signature.
Hope Aditi's checkbook doesn't fall to the ground in the same parking lot I'm parked in.

erronis

(18,659 posts)
14. Lots of "switches" here. All the way from the target back through all the suppliers.
Mon Dec 30, 2024, 07:58 PM
Dec 2024

Each link on the chain can see intrusions (see SolarWinds). To get a product to run on a government system there may be 20-100 (swag) companies involved. The government has no way to audit all of the transactions or verify the final product.

A whole lot has been done in the last 5-10 years through efforts to secure the software and the chains. See CISA. However it's much harder to defend against attack than to be the attacker.

DingleBerryNW

(34 posts)
20. They should've waited...
Mon Dec 30, 2024, 09:50 PM
Dec 2024

Until after the orange one’s inauguration. Trump would have just given the passwords. Saving the hackers countless hours of work….

Response to BumRushDaShow (Original post)

wolfie001

(4,391 posts)
23. I had an account when the interest rate was north of 9% and was loving it!
Tue Dec 31, 2024, 08:42 AM
Dec 2024

Of course it was very temporary, but I thought the whole on-line experience was a clunky, 1990s mess. It was a bit shocking really. This whole affair isn't surprising and with the fat orange asshole returning to the WH, things prolly won't get much better with protecting our nation's institutions. Thanks to the stupid half that voted for him or sat on their fucking hands.

IcyPeas

(23,400 posts)
24. Are hackers using AI yet?
Tue Dec 31, 2024, 01:34 PM
Dec 2024

I dread hackers screwing with our power grid. That would be hell.

Latest Discussions»Latest Breaking News»U.S. Treasury says its co...