
BumRushDaShow

(144,802 posts)
Mon Dec 30, 2024, 05:34 PM

U.S. Treasury says its computers were hacked by a Chinese 'threat actor' in a 'major incident'

Source: NBC News

Dec. 30, 2024, 4:50 PM EST


The U.S. Treasury department said a state-sponsored Chinese hacking operation was able to use third-party software to access the desktop computers of Treasury employees in what the department is calling "a major incident."

In a letter seen by NBC News, Aditi Hardikar, assistant secretary for management of the U.S. Department of the Treasury, wrote that the office was notified on Dec. 8 of the breach. The letter is addressed to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member, respectively, of the Committee on Banking, Housing and Urban Affairs.

Hardikar wrote that the U.S. Treasury was told by "a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users." With this access, the "threat actor" was able to override certain security measures and access the department office user workstations. The information accessed by the "threat actor" was unclassified documents.

The U.S. Treasury has been working with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and other members of the intelligence community, as well as "third-party forensic investigators to fully characterize the incident and determine its overall impact," according to the letter.

Read more: https://www.nbcnews.com/tech/security/us-treasury-says-computers-hacked-chinese-threat-actor-rcna185809

U.S. Treasury says its computers were hacked by a Chinese 'threat actor' in a 'major incident' (Original Post) BumRushDaShow Dec 30 OP
How much damage was done? Irish_Dem Dec 30 #1
As dlk says below, "We'll never know" erronis Dec 30 #7
We keep taking one major hacker hit after another. Irish_Dem Dec 30 #8
LOL ananda Dec 30 #10
It was a rhetorical question. Irish_Dem Dec 30 #12
LOL again ananda Dec 30 #19
Well, imho, I'm sure every valid entity in the US and the world is under some sort of cyber attack. Either by SWBTATTReg Dec 30 #2
We'll never know dlk Dec 30 #3
The Chinese are at war with the US and doing quite a bit of damage. Irish_Dem Dec 30 #9
This message was self-deleted by its author Chin music Dec 30 #22
As Edward R. Murrow said: "Good night. And good luck." Truer words never spoken. We are needing some luck. BS crazy. Evolve Dammit Dec 30 #4
BeyondTrust? This is the vendor who caused the problem. BeyondTrust. SMH n/t SupportSanity Dec 30 #5
No, this is the organization that detected the breach - as far as I can tell. erronis Dec 30 #13
Wrong pimpbot Dec 30 #16
Right you are. Thanks for correcting my mis-interpretation. erronis Dec 30 #17
Report at DocumentCloud usonian Dec 30 #6
This should not be happening. Someone or Someones are asleep at the switch here. Joinfortmill Dec 30 #11
Lots of "switches" here. All the way from the target back through all the suppliers. erronis Dec 30 #14
Well, after January 20th they won't need to hack to get in drray23 Dec 30 #15
Recommended True Dough Dec 30 #18
They should've waited... DingleBerryNW Dec 30 #20
This message was self-deleted by its author Chin music Dec 30 #21
I had an account when the interest rate was north of 9% and was loving it! wolfie001 Tuesday #23
Are hackers using AI yet? IcyPeas Tuesday #24

erronis

(17,306 posts)
7. As dlk says below, "We'll never know"
Mon Dec 30, 2024, 06:23 PM

Even if the US authorities (FBI, CISA, etc.) do uncover some of the traces of the infection, it will not be disclosed to the public.

1. You don't want your adversaries to know what you have uncovered;
2. The public has no right for full disclosures. (sarcasm)

Irish_Dem

(60,136 posts)
8. We keep taking one major hacker hit after another.
Mon Dec 30, 2024, 06:29 PM

And no one tells us how bad it is.

What do the Chinese want from the US Treasury?

Irish_Dem

(60,136 posts)
12. It was a rhetorical question.
Mon Dec 30, 2024, 06:51 PM

But how do they pull off the heist?
Don't they have to physically get the contents?

SWBTATTReg

(24,433 posts)
2. Well, imho, I'm sure every valid entity in the US and the world is under some sort of cyber attack. Either by
Mon Dec 30, 2024, 05:40 PM

foreign entities, or persons of ill-repute, trying to make a few bucks scamming the system somehow.

The world out there is NOT safe people. If you have an online presence, protect it at all costs. Avoid questionable sites. And perhaps use a separate ID to get into banking etc. sites vs. a media site, such as DU, facebook, etc.

dlk

(12,489 posts)
3. We'll never know
Mon Dec 30, 2024, 05:41 PM

The infiltration of Chinese hackers into America is much more pervasive than we will ever be told.

Irish_Dem

(60,136 posts)
9. The Chinese are at war with the US and doing quite a bit of damage.
Mon Dec 30, 2024, 06:30 PM

We are told over and over about the "major" attacks.

We know it is not good news.

Evolve Dammit

(19,256 posts)
4. As Edward R. Murrow said: "Good night. And good luck." Truer words never spoken. We are needing some luck. BS crazy.
Mon Dec 30, 2024, 06:10 PM

erronis

(17,306 posts)
13. No, this is the organization that detected the breach - as far as I can tell.
Mon Dec 30, 2024, 06:52 PM

There is no mention of the vendor who had its software/hardware hacked but frequent candidates are network infrastructure, common "secure" software interconnections (FortiNet), and even software that is supposed to monitor for anomalies.

pimpbot

(1,018 posts)
16. Wrong
Mon Dec 30, 2024, 08:04 PM

Read the letter posted below in this thread. It explicitly says the Chinese compromised a BeyondTrust service and used it to gain access.

usonian

(14,924 posts)
6. Report at DocumentCloud
Mon Dec 30, 2024, 06:19 PM
https://www.documentcloud.org/documents/25472754-12/

One page only.



Pretty distinctive signature.
Hope Aditi's checkbook doesn't fall to the ground in the same parking lot I'm parked in.

erronis

(17,306 posts)
14. Lots of "switches" here. All the way from the target back through all the suppliers.
Mon Dec 30, 2024, 06:58 PM

Each link on the chain can see intrusions (see SolarWinds). To get a product to run on a government system there may be 20-100 (swag) companies involved. The government has no way to audit all of the transactions or verify the final product.

A whole lot has been done in the last 5-10 years through efforts to secure the software and the chains. See CISA. However it's much harder to defend against attack than to be the attacker.

DingleBerryNW

(14 posts)
20. They should've waited...
Mon Dec 30, 2024, 08:50 PM

Until after the orange one’s inauguration. Trump would have just given the passwords. Saving the hackers countless hours of work….

wolfie001

(3,891 posts)
23. I had an account when the interest rate was north of 9% and was loving it!
Tue Dec 31, 2024, 07:42 AM

Of course it was very temporary, but I thought the whole on-line experience was a clunky, 1990s mess. It was a bit shocking really. This whole affair isn't surprising and with the fat orange asshole returning to the WH, things prolly won't get much better with protecting our nation's institutions. Thanks to the stupid half that voted for him or sat on their fucking hands.
