Since the beginning of the year, there has been a significant influx of hacks, hackers, attacks, and scam trends in the crypto community. Many of these actions have come at the hands of various hacking groups, with North Korean hacker groups in the limelight after many reports and warnings from the FBI. However, a report from the US Treasury has confirmed that Chinese hackers may have pulled an even bigger move than their North Korean counterparts.

The US Treasury has now revealed in a letter addressed to U.S. House lawmakers that it had been hit by an attack by Chinese state-sponsored hackers who breached the department’s computer security guardrails to steal documents in a “major incident.”

According to the letter, BeyondTrust, a security company that offers identity access and remote support services for many government departments and large organizations, notified the Treasury of this breach.

BeyondTrust’s analysis revealed that the hackers “gained access to a key used by the vendor,” which they used to carry out the hack. However, the company did not reveal how exactly the hackers obtained the key. 

Regardless, it was revealed that in this “major cybersecurity incident,” the hackers were able to override the Department’s security and remotely access the workstations of certain employees, which contained unclassified documents, some of which were stolen. 

The letter also attributed the incident to a China state-sponsored Advanced Persistent Threat (APT) actor. However, Mao Ning, a spokesperson for China’s foreign ministry, stated in a news conference on Tuesday that "China has always opposed all forms of hacker attacks."

Further denying involvement, a spokesperson for the Chinese Embassy in Washington rejected any responsibility for the incident, stating that Beijing "firmly opposes the U.S.'s smear attacks against China without any factual basis."

This would not be the first reported incident of Chinese-sponsored cyberattacks discovered in the US in recent months. A Chinese group called Salt Typhoon has been accused of a wave of cyberattacks targeting U.S. phone companies and internet corporations, including AT&T and Verizon, to access the private communications of some senior U.S. government officials, including presidential candidates.

A spokesperson for BeyondTrust also revealed that the company "previously identified and took measures to address a security incident in early December 2024" involving its remote support product. According to the spokesperson's email, during that incident, the company “notified the limited number of customers who were involved” as well as law enforcement.

The spokesperson referred to a statement on BeyondTrust’s website that shared some details from the investigation, including one that, as in this latest hack, involved a compromised digital key.

While accusations are still flying, Tom Hegel, a threat researcher at SentinelOne, a cybersecurity company, stated that the security incident is similar to the pattern of operations known from several People’s Republic of China hacking groups.
