The US Treasury Department admitted it was hacked by China
BeyondTrust, SaaS, and the Treasury Department: A Security Insight into a Key-Locked Cyber-Espionage Attack
The Treasury Department suffered a breach earlier this month that allowed the attackers to gain access to some of its workstations and to unclassified documents.
On December 8, BeyondTrust published an alert that it has continued to update about “a security incident that involved a limited number of Remote Support SaaS customers.” (SaaS stands for “software as a service.”) Though the notification does not say that the US Treasury was one of the impacted customers, the timeline and details appear to line up with the Treasury disclosure, including acknowledgment from BeyondTrust that attackers compromised an application programming interface key.
The revelation comes as U.S. officials are grappling with the aftermath of a massive Chinese cyberespionage campaign that gave officials in Beijing access to private texts and phone conversations of Americans. A top White House official said Friday that the number of companies affected by that hack has now risen to nine.
“The compromised BeyondTrust service has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information,” Treasury assistant secretary for management Aditi Hardikar wrote the lawmakers. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
The compromised service has since been taken offline, and there’s no evidence that the hackers still have access to department information, Aditi Hardikar, an assistant Treasury secretary, said in the letter Monday to leaders of the Senate Banking Committee.
The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency and others to investigate the impact of the hack, and that the hack had been attributed to Chinese state-sponsored culprits. It did not elaborate.
Two exploited vulnerabilities are involved in this incident: a critical command injection vulnerability and a medium-severity command injection vulnerability. The CVE has been added to CISA's Known Exploited Vulnerabilities Catalog. A command injection vulnerability lets an attacker supply input that the application passes to an operating-system shell without adequate validation or escaping, so the injected text is executed as commands on the target's systems.
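To make the command injection class concrete from a defender's point of view, the following is an added example written for this page; it is not code from BeyondTrust, from the Treasury, or from the article. It assumes a hypothetical support tool that runs `ping` against a user-supplied hostname, and shows the unsafe pattern (interpolating untrusted input into a shell string) next to two hardened forms: a strict hostname allowlist feeding an argument list (no shell at all), and `shlex.quote` as a fallback where a shell cannot be avoided.

```python
import re
import shlex
import subprocess

# Allowlist for RFC 1123 style hostnames: dot-separated labels of letters, digits and
# hyphens, no leading/trailing hyphen, at most 253 characters in total. Anything a shell
# would treat specially (';', '|', '&', '$', backticks, quotes, spaces) is rejected.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*"
)


def unsafe_ping_command(host: str) -> str:
    """Vulnerable pattern (shown for contrast, never executed here).

    If this string is handed to subprocess.run(..., shell=True) or os.system(),
    a host value such as 'host;extra' makes the shell run 'extra' as a second
    command. That is exactly the command injection class described above.
    """
    return f"ping -c 1 {host}"


def is_valid_hostname(host: str) -> bool:
    """Return True only if host matches the strict allowlist above."""
    return HOSTNAME_RE.fullmatch(host) is not None


def build_ping_argv(host: str) -> list[str]:
    """Hardened form: validate, then build an argv list for shell=False.

    With an argument list there is no shell parsing step, so metacharacters in
    `host` cannot terminate or chain commands. The allowlist additionally
    blocks a leading '-', which prevents option injection into ping itself.
    """
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["ping", "-c", "1", host]


def safe_shell_command(host: str) -> str:
    """Fallback when a shell really is required: quote every untrusted token.

    shlex.quote() wraps unsafe values in single quotes, so 'host;extra'
    reaches ping as one literal argument instead of two shell commands.
    Validation is still applied first; quoting alone is defence in depth.
    """
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return "ping -c 1 " + shlex.quote(host)


def run_ping(host: str) -> int:
    """Execute the hardened command without a shell and return its exit code."""
    result = subprocess.run(build_ping_argv(host), capture_output=True, check=False)
    return result.returncode


if __name__ == "__main__":
    # Constructed sample inputs: one benign hostname, one carrying a shell separator.
    for candidate in ("example.com", "host;extra"):
        print(f"{candidate!r}: valid={is_valid_hostname(candidate)}")
        try:
            print("  argv:", build_ping_argv(candidate))
        except ValueError as exc:
            print("  blocked:", exc)
```

The contrast worth noticing is that `unsafe_ping_command("host;extra")` still returns a syntactically fine-looking string; the defect only manifests when a shell interprets it, which is why reviews should look for `shell=True`, `os.system`, and string-built commands rather than for suspicious inputs. Rejecting input against an allowlist and passing an argv list removes the shell from the path entirely, which is the fix class auditors expect for this CWE.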