Top lawmakers in the House and Senate sent a letter to Treasury Secretary Janet Yellen on Tuesday asking her to provide key committees with a briefing on a major Chinese cyber intrusion into sensitive systems within the agency.
Cloud security service provider BeyondTrust alerted Treasury early last month to a breach in which Beijing-aligned hackers obtained a key used to secure a cloud tool for remotely supporting Treasury Departmental Offices end users. Using the stolen key, the hackers bypassed BeyondTrust’s security, accessed Treasury workstations and retrieved unclassified documents stored by those users.
They also accessed Treasury’s Office of Foreign Assets Control, a powerful arm of the agency with legal authority to issue economic sanctions against foreign adversaries found to be a threat to U.S. security interests, The Washington Post reported Wednesday.
“This breach of federal government information is extremely concerning. As you know, Treasury maintains some of the most highly sensitive information on U.S. persons throughout government, including tax information, business beneficial ownership and suspicious activity reports,” Senate Banking Committee Ranking Member Tim Scott, R-S.C., and House Financial Services Committee Vice Chairman French Hill, R-Ark., wrote in the letter.
The letter requests a Treasury Department briefing by January 10 on the specifics of the hack, including its timing, method and the Chinese hacking unit responsible. It also asks about Treasury’s prior awareness of cybersecurity vulnerabilities associated with BeyondTrust or other third-party software vendors tethered to the agency’s systems.
A department spokesperson did not respond to a request for comment.
The hack is the latest in a series of Chinese salvos against U.S. networks. Officials are dealing with a separate intrusion into dozens of telecommunications providers in the U.S. and abroad, in a campaign that’s been deemed one of the most damaging espionage attacks in history.
Treasury’s initial notification letter to Congress, sent by Assistant Secretary Aditi Hardikar, said the incident “has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor” but did not name a specific collective. APTs refer to hacking groups with advanced skills and dogged strategies that often have nation-state military or intelligence backing.
A Chinese embassy spokesperson vehemently denied the contents of that letter and said China firmly opposes U.S. “smear attacks” that involve accusations of hacking.
A BeyondTrust spokesperson said the compromised remote support service was a commercial offering, distinct from a similar sounding remote management tool listed on the FedRAMP marketplace, which catalogs cloud services meeting baseline government security standards.
Private firms selling cloud products to the government are encouraged — though not required — to obtain FedRAMP authorization, which promotes the use of vetted cloud services and can offer vendors access to more lucrative contracting opportunities.
“BeyondTrust notified the limited number of customers who were involved, and it has been working to support those customers since then,” the company said in a previous statement. “No other BeyondTrust products were involved.”
