China has rubbished the US claim that a Chinese state-sponsored hacker gained access to the computers of the employees of the Treasury Department to obtain "certain unclassified documents maintained by those users."
Denying the US Treasury report on the cyber attack, Chinese embassy spokesman Liu Pengyu released a statement that said it can be difficult to trace the origin of hackers and that the US needs to stop using cyber security to smear and slander China.
"We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations," he said. "The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats."
The Biden administration had recently claimed that nine telecom firms were targeted by Chinese spies in an elaborate campaign that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans. The US called the Chinese hacking blitz 'Salt Typhoon'.
Meanwhile, the US Treasury Department claimed on Monday that the Chinese hacker gained access to the computers of the employees of the Treasury Department to obtain certain unclassified documents.
The major cybersecurity incident was reported by Aditi Hardikar, assistant secretary for management of the US Department of the Treasury, in a letter to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the members of the Committee on Banking, Housing and Urban Affairs.
The letter said the Treasury Department was notified of the breach on December 8 by a third-party software service provider, BeyondTrust. The vendor reported that "a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users."
The China state-sponsored actor overrode the security systems before gaining remote access to Treasury workstations. An investigation was launched, and the hacker has been described as an "Advanced Persistent Threat."
BeyondTrust first spotted the suspicious activity on December 2 but it took the company three days to finally figure out that it had been hacked.
However, the Treasury Department did not specify the nature of the information stolen or how long the hack lasted. The Treasury told lawmakers it will release more information about the incident in a supplemental report within the next 30 days.
The Treasury Department said that once it was notified of the breach, it immediately contacted the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and other members of the intelligence community. "The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information," the letter said.