Digital Forensics: The president-elect’s social media accounts announced a new product so sketchy that social media users questioned whether he was hacked With just days to go until Donald Trump returns to the White House, the president-elect’s social media accounts pitched Friday what may be the latest Trump-branded merchandise: Trump [...]
A Dec. 30 letter to the Committee on Banking, Housing and Urban Affairs from Aditi Hardika, the assistant secretary for management at the U.S. Department of the Treasury, has confirmed that Chinese hackers were able to “access certain unclassified documents” during a Dec. 8 attack. As a joint investigation by the Department of the Treasury and the FBI continues, here’s what we know so far.
Digital Forensics: FBI Investigation Underway—The U.S. Treasury Hack Timeline
The letter from assistant secretary Hardika, seen by this reporter, provided notice that “the Department of the Treasury has determined that a major incident occurred. On December 8, 2024.” Notification of the incident was provided by a third-party software service, BeyondTrust, used by the Treasury.
“A threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” Hardika said. “With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The gap between the U.S. Treasury being notified of the security incident and reporting it to the Committee on Banking, Housing and Urban Affairs would appear to be due to information gathering, which alerted the Treasury to “the scope of the attack.” The Treasury brought in the Cybersecurity and Infrastructure Security Agency immediately after being notified of the attack; the remaining parties (the FBI, the intelligence community and third-party forensic investigators) were contacted once the extent of the attack was realized.
“Based on available indicators,” Hardika said, “the incident has been attributed to a China state-sponsored Advanced Persistent Threat actor.”
Digital Forensics: FBI And CISA Determine No Evidence Of Continued Access To Treasury Information, China Denies Involvement
A spokesperson for the Chinese Foreign Ministry, Mao Ning, said that Beijing “has always opposed all forms of hacker attacks, and we are even more opposed to the spread of false information against China for political purposes. We have stated our position many times regarding such groundless accusations that lack evidence.”
According to the U.S. Treasury itself, the compromised service from BeyondTrust has been taken offline and, as far as the investigation from CISA and the FBI can determine at this stage, “there is no evidence indicating the threat actor has continued access to Treasury information.”