The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday said that last weekโs cybersecurity incident was only limited to the U.S. Department of the Treasury, and had no wider government impact.
“At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response,โ the CISA said in a statement issued on Monday.
This update follows the US Treasury Department’s disclosure last Monday about a Chinese state-sponsored hacker breach of its agencyโs workstations in early December, which it described as a “major cybersecurity incident.” The cybercriminals had compromised BeyondTrust, a third-party vendor that provides identity and remote support for Treasury workstations.
In a letter shared with senior U.S. House lawmakers last week, the agency said that BeyondTrust notified them of the breach on December 8th.
According to the letter, the Chinese state-sponsored hackers used a Remote Support SaaS API key stolen from BeyondTrust to override the serviceโs security, remotely access certain Treasury Departmental Offices (DO) user workstations, and access certain unclassified documents maintained by the employees. However, it is unclear how the BeyondTrust key was stolen.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor. In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” the letter added.
In a statement this Monday, CISA said it โis working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident.โ
The federal cyber watchdog added, โThe security of federal systems and the data they protect is of critical importance to our national security. We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.โ
In accordance with legal requirements, the Treasury Department has committed to providing lawmakers with an update within 30 days.