US officials say a recent cybersecurity breach at the Treasury Department originated from hackers in China.
US officials say a recent cybersecurity breach at the Treasury Department originated from hackers in China.
US officials say a recent cybersecurity breach at the Treasury Department originated from hackers in China.
US officials say a recent cybersecurity breach at the Treasury Department originated from hackers in China.

Hack on US Treasury blamed on China causes fear in cybersecurity community


Cody Combs
  • English
  • Arabic

After unclassified documents from the US Treasury Department were accessed in a hack blamed on China, many in the cybersecurity community are wondering how such breaches might intensify in the weeks and months ahead.

“I know a lot of cybersecurity vendors are now worried about getting hit themselves,” said a media-relations professional with various technology clients. “As a result, they’re taking the line of not jumping on top of someone else’s misfortune.”

The Treasury Department sent a letter to US senators on Monday saying that third-party software provider BeyondTrust had disclosed that a “threat actor” gained “access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users”.

In a statement provided to The National, BeyondTrust said that it had notified a limited number of customers who were affected, and that it has been working to support the customers since then.

“BeyondTrust previously identified and took measures to address a security incident in early December 2024 that involved the Remote Support product,” read the statement. It added that only the company's Remote Support product had been compromised.

“Law enforcement was notified and BeyondTrust has been supporting the investigative efforts.”

The company also said it had posted an entire timeline of the hack and would continue updating affected customers.

A US Treasury Department letter sent to Congress after the hacking. Photo: Screengrab
A US Treasury Department letter sent to Congress after the hacking. Photo: Screengrab

China has repeatedly denied involvement in the hacking, with a Foreign Ministry representative saying that the accusations were “groundless” and “lacking evidence”.

According to the letter from the Treasury Department, through the “key”, the hacker was able to gain access to certain government workstations – with that access limited to unclassified documents.

“The analogy is a hacker breaks into your plumber's office and steals master keys to the buildings they service,” John Scott-Railton, a senior researcher with Citizen Lab, an interdisciplinary technology research lab based at the University of Toronto, wrote on X.

“Given BeyondTrust's big client list, makes one wonder if other customers were targeted,” he added, referring to clients such as Williams Sonoma, Carbonite, IHG Hotels and Resorts, Wynn Resorts and ServiceNow.

Heightened awareness due to Salt Typhoon cyber attack

The recent compromise of the Treasury Department comes weeks after what has become known as the Salt Typhoon cyber breach, flagged by US cybersecurity officials in early December.

In that particular breach, Washington agencies accused China of sponsoring an attack that infiltrated at least nine US communications companies and potentially left American consumers vulnerable.

As a result of Salt Typhoon and other recent accusations against China-based hackers, the Cybersecurity and Infrastructure Security Agency, issued guidance for “highly targeted individuals” in the US to protect their mobile devices and personal communication computer systems.

The US Cybersecurity and Infrastructure Security Agency's new guidance for highly vulnerable users. Photo: Screengrab
The US Cybersecurity and Infrastructure Security Agency's new guidance for highly vulnerable users. Photo: Screengrab

“Use only end-to-end encrypted communications,” reads one of the guidance suggestions from CISA in the long list compiled by the agency. “Migrate away from short message service-based multi factor authorisation,” reads another on the list, which also has specific instructions for iPhone and Android platform users.

Ongoing technology tension between US and China

In early December during a panel discussion hosted by the Centre for Strategic and International Studies, Kara Frederick, director of the tech policy centre for The Heritage Foundation, a conservative think tank, spoke about an increasingly problematic national security outlook when it comes to China, and that US tech companies needed to scale back efforts in the country.

“US big tech companies are going to have to pick a flag, and it should be the stars and bars and not China. I think the Trump administration will wake these companies up to that,” she said.

In a recent video posted by the select committee on the Chinese Communist Party, Republican Representative John Moolenaar did not mince words about tension between the US and China over technology.

“The select committee has made incredible progress in combating China's maligned influence within the United States,” Mr Moolenaar said, pointing out the recent bill that seeks to ban TikTok in the US due to national security concerns.

That bill is being challenged by ByteDance, the Beijing-based owner of TikTok, in the US Supreme Court, which will hear legal arguments from the company that is hoping to keep the social media platform operating in the US.

“With steadfast support from both [House Speaker Mike Johnson and minority leader Hakeem Jeffries] I look forward to continuing to lead this excellent group of lawmakers for another two years in continuing our bipartisan work to stand up to the Chinese Communist Party to protect American interests at home and abroad,” said Mr Moolenaar.

Can NRIs vote in the election?

Indians residing overseas cannot cast their ballot abroad

Non-resident Indians or NRIs can vote only by going to a polling booth in their home constituency

There are about 3.1 million NRIs living overseas

Indians have urged political parties to extend the right to vote to citizens residing overseas

A committee of the Election Commission of India approved of proxy voting for non-resident Indians

Proxy voting means that a person can authorise someone residing in the same polling booth area to cast a vote on his behalf.

This option is currently available for the armed forces, police and government officials posted outside India

A bill was passed in the lower house of India’s parliament or the Lok Sabha to extend proxy voting to non-resident Indians

However, this did not come before the upper house or Rajya Sabha and has lapsed

The issue of NRI voting draws a huge amount of interest in India and overseas

Over the past few months, Indians have received messages on mobile phones and on social media claiming that NRIs can cast their votes online

The Election Commission of India then clarified that NRIs could not vote online

The Election Commission lodged a complaint with the Delhi Police asking it to clamp down on the people spreading misinformation

MO
%3Cp%3E%3Cstrong%3ECreators%3A%20%3C%2Fstrong%3EMohammed%20Amer%2C%20Ramy%20Youssef%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStars%3A%20%3C%2Fstrong%3EMohammed%20Amer%2C%20Teresa%20Ruiz%2C%20Omar%20Elba%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%204%2F5%3C%2Fp%3E%0A
Updated: January 02, 2025, 11:42 PM`