Update, Jan. 2, 2025: This story, originally published Dec. 31, 2024, has now been updated with comments from Dr. Raphael Yahalom, a research affiliate at MIT Sloan School of Management specializing in emerging solutions to help reshape the future of cybersecurity.
A Dec. 30 letter to the Committee on Banking, Housing and Urban Affairs from Aditi Hardika, the assistant secretary for management at the U.S. Department of the Treasury, has confirmed that Chinese hackers were able to “access certain unclassified documents” during a Dec. 8 attack. As a joint investigation by the Department of the Treasury and the FBI continues, here’s what we know so far.
The letter from assistant secretary Hardika, seen by this reporter, provided notice that “the Department of the Treasury has determined that a major incident occurred. On December 8, 2024.” Notification of the incident was provided by a third-party software service, BeyondTrust, used by the Treasury.
“A threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” Hardika said. “With access to the stolen key, the threat actor was able to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”