CNN —The US Treasury Department notified lawmakers on Monday that a China state-sponsored actor infiltrated Treasury workstations in what officials are describing as a “major incident.”In a letter reviewed by CNN, a Treasury official said it was informed by a third-party software service provider on December 8 that a threat actor used a stolen key to remotely access certain Treasury workstations and unclassified documents.
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” the Treasury spokesperson said.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” the Treasury letter said.
However, the Treasury spokesperson said in the statement that “several” Treasury user workstations were accessed.
Hardikar said in the letter that based on Treasury policy, intrusions attributed to advanced persistent threat actors are considered a “major cybersecurity incident.” Treasury officials are required to provide an update in a 30-day supplemental report.
Persons:
” Aditi Hardikar, BeyondTrust, It’s, Hardikar, “ CISA
Organizations:
CNN, US Treasury Department, Treasury, US Treasury, Infrastructure Security Agency, Banking, Departmental, ” Treasury, CISA, FBI
Locations:
China