The Cybersecurity and Infrastructure Security Agency (CISA) issued an update today regarding last week’s cybersecurity incident at the Treasury Department, stating that no other Federal agencies appear to have been impacted.
CISA said it is working closely with the Treasury Department and software service provider BeyondTrust “to understand and mitigate the impacts of the recent cybersecurity incident.”
“At this time, there is no indication that any other Federal agencies have been impacted by this incident,” the agency said in a Jan. 6 statement. “CISA continues to monitor the situation and coordinate with relevant Federal authorities to ensure a comprehensive response.”
“The security of Federal systems and the data they protect is of critical importance to our national security. We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate,” CISA added.
BeyondTrust notified the Treasury Department in early December of a China state-sponsored breach of some of the department’s sensitive systems. The company said the threat actor had gained access to a key used by the vendor for remotely supporting Treasury Departmental Offices end users.
Using the stolen key, the threat actor was able to override the service’s security and remotely access Treasury workstations and certain unclassified documents stored by those users.
Senate Banking Committee Ranking Member Tim Scott, R-S.C., and House Financial Services Committee Vice Chairman French Hill, R-Ark., wrote a letter to Treasury Secretary Janet Yellen last week demanding details on the breach.
“The fact that a CCP-sponsored APT actor was able to access Treasury’s information systems is unacceptable and raises serious questions about the protocols for safeguarding sensitive Federal government information from future cybersecurity incidents,” the lawmakers wrote.
