US Treasury hacked – FBI investigation underway, China suspected

A Dec. 30 letter to the Banking, Housing and Urban Affairs Committee from Aditi Hardika, the U.S. Treasury Department’s deputy assistant secretary for administration, confirmed that Chinese hackers were able to “access certain unclassified documents” during a Dec. 8 attack. As a joint Treasury and FBI investigation continues, here is what we have learned:

FBI investigation underway – timeline of hacker attack on US Treasury Department

The letter from Deputy Secretary Hardika, seen by this reporter, noted that “the Ministry of Finance has determined that a major incident has occurred on December 8, 2024.” The incident was reported by a third-party software service, BeyondTrust, used by the Treasury Department.

“A threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support to end users of the Treasury Department offices,” Hardika said. “With access to the stolen key, the threat actor was able to override the security of the service, remotely access certain workstations of Treasury DO users, and access certain unclassified documents maintained by those users.”

The gap between the US Treasury Department being notified of the security incident and its report to the Committee on Banking, Housing and Urban Affairs appears to be due to intelligence gathering that alerted the Treasury Department to “the scale of the attack.” The Treasury Department called in the Cybersecurity and Infrastructure Security Agency immediately after being notified of the attack. The other authorities (the FBI, the secret services and external forensic investigators) were contacted as the extent of the attack became clear.

“Based on available indicators,” Hardika said, “the incident was attributed to a state-sponsored advanced persistent threat actor in China.”

FBI and CISA find no evidence of continued access to Treasury Department information, China denies involvement

A Chinese Foreign Ministry spokesman, Mao Ning, said Beijing “has always opposed all forms of hacking attacks, and we are even more opposed to the spread of false information against China for political reasons. We have expressed our position on this many times before such unfounded allegations that lack evidence.”

According to the US Treasury Department itself, the compromised BeyondTrust service has been taken offline and, as far as the CISA and FBI investigation can determine at this time, “there is no evidence that the threat actor continued to have access to Treasury Department information.”
