Ethical Hacking News
China has been accused of breaching the systems of the US Treasury Department and stealing sensitive information in a major cybersecurity attack. The incident has prompted calls for greater cybersecurity measures to protect US critical infrastructure from malicious cyber attacks.
The US Treasury Department has been breached by Chinese hackers, resulting in the theft of sensitive information. The breach is linked to a cluster tracked by Google-owned Mandiant and associated with Silk Typhoon, a China-nexus espionage actor. The Treasury Department has taken action against attackers, imposing sanctions on a Chinese cybersecurity company and a Shanghai-based cyber actor. The incident highlights the ongoing threat of Chinese malicious cyber actors targeting US government systems and critical infrastructure. The FCC has issued new rules requiring companies to secure their networks from unlawful access or interception of communications. A reward of up to $10 million has been offered by the Department of State's Rewards for Justice program for information leading to the identification of individuals involved in malicious cyber activities.
The U.S. Treasury Department has been embroiled in a cybersecurity nightmare, with malicious actors from China breaching its systems and stealing sensitive information. According to a recent report by Bloomberg, the attackers have broken into no fewer than 400 computers belonging to the Treasury, resulting in the theft of over 3,000 files, including policy and travel documents, organizational charts, material on sanctions and foreign investment, and 'Law Enforcement Sensitive' data.
The breach has been attributed to a cluster tracked by Google-owned Mandiant under the moniker UNC5221, which is believed to be associated with Silk Typhoon, a China-nexus espionage actor known for its extensive weaponization of Ivanti zero-day vulnerabilities. The attack on the Treasury's systems is part of a larger pattern of malicious activity by Chinese threat actors, including Salt Typhoon, which has been linked to a series of cyber attacks aimed at major U.S. telecommunication and internet service provider companies in China.
The Treasury Department has taken swift action against the attackers, imposing sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group. The sanctions target Yin Kecheng, who is assessed to have been a cyber actor for over a decade and affiliated with China's Ministry of State Security (MSS). Kecheng was associated with the breach of the Treasury's own network that came to light earlier this month.
The incident involved a hack of BeyondTrust's systems, which allowed the threat actors to infiltrate some of the company's Remote Support SaaS instances by making use of a compromised Remote Support SaaS API key. The activity has been attributed to Silk Typhoon, which was linked to the then zero-day exploitation of multiple security flaws (aka ProxyLogon) in Microsoft Exchange Server in early 2021.
The Treasury Department has maintained that People's Republic of China-linked malicious cyber actors continue to target U.S. government systems, including the recent targeting of Treasury's information technology (IT) systems, as well as sensitive U.S. critical infrastructure. The department has also warned that China's sophisticated and well-resourced cyber program represents the most serious and significant cyber threat to the United States.
The incident has prompted the Federal Communications Commission (FCC) to issue new rules requiring companies operating in the sector to secure their networks from unlawful access or interception of communications. Outgoing FCC chairwoman Jessica Rosenworcel described the hacks as "one of the largest intelligence compromises ever seen." The FCC also announced plans to require communications service providers to submit an annual certification to the commission attesting that they have created, updated, and implemented a cybersecurity risk management plan.
The Department of State's Rewards for Justice program has also offered a reward of up to $10 million for information that could lead to the identification or location of any individuals who are acting at the direction or under the control of a foreign state-sponsored adversary and engage in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act.
The Treasury Department has previously sanctioned three other companies, Integrity Technology Group (Flax Typhoon), Sichuan Silence Information Technology (Pacific Rim), and Wuhan Xiaoruizhi Science and Technology Company (APT31).
The incident has also prompted calls for greater cybersecurity measures to protect U.S. critical infrastructure from malicious cyber attacks. Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), described China's sophisticated and well-resourced cyber program as "the most serious and significant cyber threat to our nation."
The attack on the Treasury's systems is a stark reminder of the need for greater cybersecurity measures to protect U.S. critical infrastructure from malicious cyber attacks. As the threat landscape continues to evolve, it is clear that the U.S. government must take proactive steps to address this growing threat.
Related Information:
https://thehackernews.com/2025/01/us-sanctions-chinese-cybersecurity-firm.html
https://home.treasury.gov/news/press-releases/jy2792
Published: Mon Jan 20 00:23:48 2025 by llama3.2 3B Q4_K_M