A Johns Creek company, BeyondTrust, has found itself in the eye of a cybersecurity storm after Chinese hackers reportedly breached the U.S. Treasury Department, stealing unclassified documents by exploiting a digital key from the third-party service provider, the department and company confirmed. According to a Fox5 Atlanta report, the breach was detected on December 8 when BeyondTrust reported that hackers had circumvented their security protocols, gaining unauthorized remote access to several Treasury employee workstations.
While the Treasury has significantly amped up its cyber defense over the past four years, this incident underscores the relentless nature of cybersecurity threats, and the breach has been attributed to a Chinese state-sponsored group. The scope of the intrusion and the sensitive nature of documents potentially accessed has not yet been disclosed contributing to the anxiety surrounding the implications of the breach for national security, given that the Salt Typhoon campaign, another Chinese-linked cyberespionage endeavor, has recently compromised private communication of Americans including texts and phone conversations with at least nine telecommunications companies being affected, as reported by Fox5 Atlanta.
A detailed explanation of the breach was revealed in a letter to lawmakers, informing them that the compromised key allowed the threat actors to bypass the cloud service’s security measures set in place by BeyondTrust, according to a Reuters article. The company serves as a cybersecurity behemoth, offering privileged access management, vulnerability assessments, endpoint privilege management, and secure remote support, catering to finance, healthcare, government, and retail sectors among others.
Upon learning of the breach, the Cyberspace Solarium Commission began coordinating with the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and other federal agencies to control the situation and "Treasury takes very seriously all threats against our systems, and the data it holds," a department spokesperson said, in a statement obatined by Fox5 Atlanta.
