China-hacked US Finance Office: Serious security incident
The US Ministry of Finance informed legislators on Monday that a China-backed actor had accessed the ministry's workstations, which officials described as a "big event".
Details of the intrusion into the Ministry of Finance
In a letter viewed by CNN, an official from the Ministry of Finance announced that on December 8, a third-party provider of software services was informed that a threat actor had accessed certain workstations and unclassified documents from the ministry with the help of a stolen key.
Assignment of the incident to state actors
"Based on the available indicators, the incident was assigned to an Advanced Persistent Threat (APT) actor supported by China," wrote Aditi Hardikar, the deputy secretary for management in the US Ministry of Finance.
Measures following the incident
A spokesman for the ministry told CNN that the affected service was taken offline and that officials are working with the law enforcement authorities and the Cybersecurity and Infrastructure Security Agency (CISA).
"There is no evidence that the threat player continues to have access to the systems or information from the Ministry of Finance," the spokesman continued.
Secret message to the Financial Services Committee
Officials of the Ministry of Finance are planning a confidential briefing on the incident with employees of the Committee for Financial Services of the House of Representatives, as a senior employee of the committee told CNN. The exact time of the session has not yet been determined.
Access through stolen keys
According to the letter to the leadership of the Senate Banking Committee, the third-party provider BeyondTrust announced that hackers had gained access to a key that the provider used to secure a cloud-based technical support service used by the finance ministry.
Response from BeyondTrust to the security incident
"Due to the access to the stolen key, the threat player was able to pass on the security precautions of the service, access certain workstations of the Ministry of Finance and see certain unclassified documents that are managed by these users," says the letter from the ministry.
BeyondTrust said that a security incident affecting its “Remote Support” product was found on December 2, and that it informed the customers concerned after confirming “abnormal behavior” in the product on December 5th.
On December 8th, the company published information material on its website, and it has continuously reported the progress of its investigations to mitigate future threats. The company stated that the authorities of the product have been committed and that it hired an external cybersecurity team to investigate.
Identification of the affected systems
"No other products from BeyondTrust were affected," said a spokesman for the company. "The law enforcement agencies were notified and BeyondTrust supports the investigation efforts."
It is unclear how many workstations have been infiltrated. However, the spokesman for the Ministry of Finance announced that "several" workstations of ministry users were affected.
Classification of the incident as a large cybersecurity threat
In the letter, Hardikar said that, according to the guidelines of the Ministry of Finance, intrusions connected with advanced threat actors are classified as a "large cybersecurity event". The officials of the Ministry of Finance are obliged to submit an updated report within 30 days.
Scope of the damage and further examinations
It is still unclear whether the Ministry of Finance has completely determined the scope of the damage caused by the incident. In the letter, Hardikar wrote that the Ministry of Finance is working with CISA, the FBI, US secret services and external forensic investigators in an effort to “fully characterize and determine its overall effects”.
"CISA was immediately informed after the Ministry of Finance had found out about the attack, and the remaining competent authorities were contacted as soon as the extent of the attack was obvious," says the letter.