{"id":2385104,"date":"2024-12-31T14:56:00","date_gmt":"2024-12-31T19:56:00","guid":{"rendered":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/chinese-hackers-breach-us-government-and-steal-documents-in-major-incident\/"},"modified":"2024-12-31T14:58:33","modified_gmt":"2024-12-31T19:58:33","slug":"chinese-hackers-breach-us-government-and-steal-documents-in-major-incident","status":"publish","type":"post","link":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/chinese-hackers-breach-us-government-and-steal-documents-in-major-incident\/","title":{"rendered":"Chinese Hackers Breach US Government and Steal Documents in &#8216;Major Incident&#8217;"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-count mash-medium\" style=\"float:left\"><div class=\"counts mashsbcount\">22<\/div><span class=\"mashsb-sharetext\">SHARES<\/span><\/div><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fwww.conservativenewsdaily.net%2Fbreaking-news%2Fchinese-hackers-breach-us-government-and-steal-documents-in-major-incident%2F\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Facebook<\/span><\/a><a class=\"mashicon-twitter mash-medium mash-nomargin mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/www.conservativenewsdaily.net\/breaking-news\/?p=2385104&amp;via=ConservNewsDly\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-medium mash-nomargin mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe<\/span><\/a><div class=\"onoffswitch2 mash-medium mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p>A recent report from Reuters reveals that Chinese\u2063 state-sponsored\u200c hackers infiltrated the U.S. Treasury Department\u2019s computer systems, leading to a significant\u2064 breach described as a &#8220;major incident.&#8221; \u2062According to a letter from the \u200cTreasury Department, the \u200cbreach occurred when a third-party contractor, beyondtrust, left\u200c a security backdoor open, allowing the\u200b attackers \u2062to access sensitive \u200ddata by compromising a key used for securing a <a href=\"https:\/\/www.conservativenewsdaily.net\/breaking-news\/surprise-your-norton-360-security-software-now-comes-with-a-cryptominer\/\" title=\"Surprise!: Your Norton 360 Security Software Now Comes with a Cryptominer\">cloud-based service<\/a>. The Treasury\u200c has engaged multiple agencies,including the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau \u2062of Investigation (FBI),to\u2064 assess the situation and mitigate any\u200d ongoing risks.\u200d Though \u200bthe\u2064 letter attributed the cyber\u200d intrusion to a Chinese threat actor, it \u200bdid\u2064 not confirm whether\u2062 the hackers\u2064 still had access to the treasury&#8217;s\u200c information. in response\u2064 to the allegations, China denied involvement and criticized \u2063the U.S. for spreading\u2062 unfounded accusations. BeyondTrust has also shared its version of the events related to\u2062 the breach.\u200d Further details are expected in a supplemental report from the Treasury \u200bin\u200c the coming weeks.  <\/p>\n<p class=\"readmore\">\n    <button onclick=\"showReadMore()\" id=\"readmorebtn\">Read more&#8230;<\/button>\n<\/p>\n<hr id=\"line\">\n<span id=\"more\"><\/p>\n<p><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><?xml encoding=\"utf-8\" ?><\/p>\n<section> \t\t\t\t<script>console.log(\"ad slot (AC1)\")<\/script><script>console.log(\"ad slot (IC1)\")<\/script><script>console.log(\"ad slot (IC2)\")<\/script><script>console.log(\"ad slot (IC3)\")<\/script><script>console.log(\"ad slot (IC4)\")<\/script><\/p>\n<p>This probably isn&rsquo;t the way that the United States government wanted to spend the waning holidays.<\/p>\n<p>According to an ominous <a href=\"https:\/\/www.reuters.com\/technology\/cybersecurity\/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30\/\" target=\"_blank\" rel=\"noopener\">Reuters<\/a> report, &ldquo;Chinese state-sponsored hackers breached the U.S. Treasury Department&rsquo;s computer security guardrails this month and stole documents in what Treasury called a &lsquo;major incident.&#8217;&rdquo;<\/p>\n<p>Reuters obtained a <a href=\"https:\/\/legacy.www.documentcloud.org\/documents\/25472740-letter-to-chairman-brown-and-ranking-member-scott\/\" target=\"_blank\" rel=\"noopener\">letter<\/a> sent by the <a href=\"https:\/\/www.westernjournal.com\/treasury-department-caves-hands-biden-family-suspicious-activity-reports\/\" target=\"_blank\" rel=\"noopener\">Treasury Department<\/a> detailing just how this <a href=\"https:\/\/www.conservativenewsdaily.net\/breaking-news\/man-pulls-gun-on-pastor-giving-a-sermon-at-church\/\" title=\"A man brandishes a gun at a pastor during a church sermon\">harrowing incident unfolded<\/a>.<\/p>\n<p>In a letter to Sens. Sherrod Brown of Ohio and <a href=\"https:\/\/www.westernjournal.com\/tim-scott-sees-trumps-post-conviction-support-growing-knows-exactly-happening\/\" target=\"_blank\" rel=\"noopener\">Tim Scott<\/a> of South Carolina, the Treasury Department admitted that a &ldquo;third-party&rdquo; contractor basically left the backdoor ajar.<\/p>\n<p>&ldquo;On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,&rdquo; the letter read. &ldquo;With access to the stolen key, the threat actor was able override the service&rsquo;s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.&rdquo;<\/p>\n<p> <script type=\"text\/javascript\"> \t\t\tif ( getCookie( \"ff_subbed\" ) ) { \t\t\t\tdocument.getElementById(\"stnvideo\").remove() \t\t\t} \t\t<\/script> <\/p>\n<p>The letter continued, explaining the measures that the Treasury Department was utilizing to combat this &ldquo;major&rdquo; issue.<\/p>\n<p>&ldquo;Treasury has been working with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community, and third-party forensic investigators to fully characterize the incident and determine its overall impact,&rdquo; the letter continued. &ldquo;CISA was engaged immediately upon Treasury&rsquo;s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident.&rdquo;<\/p>\n<p>The letter also cast no aspersion as to whom they think is the responsible party.<\/p>\n<p>&ldquo;Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,&rdquo; it read.<\/p>\n<p>Perhaps most disconcertingly, the letter cannot confirm that the threat actor no longer had access via BeyondTrust, instead saying there was &ldquo;no evidence&rdquo; of lingering maliciousness.<\/p>\n<p>&ldquo;The compromised BeyondTrust service has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information,&rdquo; the letter said. &ldquo;The investments we have made using discretionary appropriations provided under the Cybersecurity Enhancement Account (CEA) have helped ensure we have strong incident processes and access to detailed logs to support our incident response efforts.&rdquo;<\/p>\n<p>The letter, signed by Assistant Secretary for Management at the U.S. Department of the Treasury Aditi Hardikar, also noted that additional &ldquo;details will be made available in our 30-day supplemental report to this notification.&rdquo;<\/p>\n<p>Per Reuters, <a href=\"https:\/\/www.westernjournal.com\/china-rushes-cover-humiliating-naval-loss-satellite-images-show-werent-quick-enough\/\" target=\"_blank\" rel=\"noopener\">China<\/a> has issued a blanket denial that it had anything to do with this hack.<\/p>\n<p>&ldquo;We have repeatedly stated our position on such <a href=\"https:\/\/amzn.to\/3YuVZYV\">groundless accusations lacking evidence<\/a>,&rdquo; one Chinese official told reporters Tuesday, per <a href=\"https:\/\/www.cnn.com\/2024\/12\/30\/investing\/china-hackers-treasury-workstations\/index.html\" target=\"_blank\" rel=\"noopener\">CNN<\/a>. &ldquo;China has always opposed all forms of cyberattacks, and we are even more opposed to spreading false information about China for political purposes.&rdquo;<\/p>\n<p>One Chinese representative from its embassy in Washington took an equally defensive posture when broaching the subject.<\/p>\n<p>That representative took issue with the allegation and &ldquo;firmly opposes the U.S.&rsquo;s smear attacks against China without any factual basis,&rdquo; Reuters reported.<\/p>\n<p>BeyondTrust has proffered its own timeline of events, which can be found <a href=\"https:\/\/www.beyondtrust.com\/remote-support-saas-service-security-investigation\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/p>\n<div style=\"position: relative;\">\n<div class=\"ff-fancy-header-container\"> \t\t\t \t<\/div>\n<div class=\"entry-submit-correction inner-content\">\n<div class=\"correction-form\">\n<form style=\"display: none;\">\n<div class=\"sc-name-field\"> \t\t\t\t\t\t<label>* Name<\/label> \t\t\t\t\t\t<br \/> \t\t\t\t\t\t<input type=\"text\" name=\"name\" required> \t\t\t\t\t<\/div>\n<div class=\"sc--field\"> \t\t\t\t\t\t<label>* <\/label> \t\t\t\t\t\t<br \/> \t\t\t\t\t\t<input type=\"text\" name=\"\" required> \t\t\t\t\t<\/div>\n<p> \t\t\t\t\t<label>* Message<\/label> \t\t\t\t\t<br \/> \t\t\t\t\t<textarea name=\"message\" required><\/textarea> \t\t\t\t\t \t\t\t\t\t<\/p>\n<div class=\"required-message\" style=\"display: none; padding-bottom: 15px;\">* All fields are required.<\/div>\n<p> \t\t\t\t\t<input type=\"submit\" value=\"Submit\" onclick=\"event.preventDefault(); firefly_sc();\"> \t\t\t\t\t \t\t\t\t\t<\/p>\n<div class=\"firefly-sc-confirm\" style=\"display: none;\">Success!<\/div>\n<\/p><\/form>\n<\/p><\/div>\n<\/p><\/div>\n<p> \t\t<script> \t\t\tfunction firefly_sc() { \t\t\t\tif( typeof window.captchaPublicKey==typeof undefined ){ \t\t\t\t\tconsole.error('window.captchaPublicKey is not defined'); \t\t\t\t} \t\t\t\tgrecaptcha.execute( window.captchaPublicKey, { action: 'submit_correction' } ).then( function( token ) { \t\t\t\t\tvar opts={ \t\t\t\t\t\taction:    'firefly_sc_submit', \t\t\t\t\t\tname:      document.querySelector( '.entry-submit-correction [name=\"name\"]' ).value, \t\t\t\t\t\t:     document.querySelector( '.entry-submit-correction [name=\"\"]' ).value, \t\t\t\t\t\tmessage:   document.querySelector( '.entry-submit-correction [name=\"message\"]' ).value, \t\t\t\t\t\tpost_id:   firefly_post_id, \t\t\t\t\t\tcap_token: token \t\t\t\t\t}  \t\t\t\t\tvar inputs=[ 'name', '', 'message' ];  \t\t\t\t\tfor( var i=0; i <inputs.length; i++ ) if( ! ( opts[inputs[i]]=document.querySelector( '.entry-submit-correction [name=\"' + inputs[i] + '\"]' ).value ) ) { \t\t\t\t\t\tdocument.querySelector( '.entry-submit-correction .required-message' ).style.display='block'; \t\t\t\t\t\treturn; \t\t\t\t\t}  \t\t\t\t\tdocument.querySelector( '.entry-submit-correction input[type=\"submit\"]' ).style.display='none'; \t\t\t\t\tdocument.querySelector( '.entry-submit-correction .firefly-sc-submitting-img' ).src=firefly_loading_gif_url; \t\t\t\t\tdocument.querySelector( '.entry-submit-correction .firefly-sc-submitting-img' ).style.display='inline-block';  \t\t\t\t\tconsole.log( 'ma subbing' );  \t\t\t\t\tif( firefly_post_id ) opts['post_id']=firefly_post_id;  \t\t\t\t\t\/* Send the data using post with element id name and name2*\/ \t\t\t\t\tvar posting=jQuery.post( firefly_ajax_url, opts );  \t\t\t\t\t\/* Alerts the results *\/ \t\t\t\t\tposting.done( function( response ) { \t\t\t\t\t\tif( response.success ) { \t\t\t\t\t\t\tconsole.log( response.data ); \t\t\t\t\t\t\tdocument.querySelector( '.entry-submit-correction .firefly-sc-submitting-img' ).style.display='none'; \t\t\t\t\t\t\tdocument.querySelector( '.entry-submit-correction .firefly-sc-confirm' ).style.display='block';  \t\t\t\t\t\t\tdataLayer.push( { 'event': 'submit-correction' } ); \t\t\t\t\t\t} \t\t\t\t\t}); \t\t\t\t}); \t\t\t} \t\t<\/script> \t     \t\t\t\t\t\t     \t\t\t\t\t<\/div>\n<p style=\"border: 1px solid #f5f5f5; padding: 16px;\">Advertise with The Western Journal and reach millions of highly engaged readers, while supporting our work. <a href=\"https:\/\/www.westernjournal.com\/advertise-us\/?wj_source=article\">Advertise Today<\/a>.<\/p>\n<p><script>console.log(\"ad slot (BA1)\")<\/script> \t\t<\/p>\n<div class=\"ff-fancy-header-container\"> \t\t\t \t<\/div>\n<style> \t\t\t \t\t\t.insticator-unit.type-commenting{margin: 0 10px 25px 10px}@media screen and (max-width:1060px){#div-insticator-ad-cmt-1, #div-insticator-ad-cmt-2, #div-insticator-ad-cmt-3, #div-insticator-ad-cmt-4{margin: 0 auto 25px auto !important;}}#div-insticator-ad-cmt-1, #div-insticator-ad-cmt-2, #div-insticator-ad-cmt-3, #div-insticator-ad-cmt-4{height: 280px !important; width: 336px !important} \t\t<\/style>\n<div class=\"insticator-unit type-commenting\">\n<div class=\"insticator-ads\"> \t\t\t\t \t\t\t\t \t\t\t\t<script data-cfasync=\"false\" type=\"text\/javascript\"> \t\t\t\t\tif ( ! getCookie( \"ff_subbed\" ) ) { \t\t\t\t\t\tInsticator.ad.loadAd(\"div-insticator-ad-cmt-1\"); \t\t\t\t\t\tInsticator.ad.loadAd(\"div-insticator-ad-cmt-2\"); \t\t\t\t\t} else { \t\t\t\t\t\tdocument.getElementById(\"div-insticator-ad-cmt-1\").remove() \t\t\t\t\t\tdocument.getElementById(\"div-insticator-ad-cmt-2\").remove() \t\t\t\t\t} \t\t\t\t<\/script> \t\t\t<\/div>\n<div class=\"insticator-ads additional\"> \t\t\t\t \t\t\t\t \t\t\t\t<script data-cfasync=\"false\" type=\"text\/javascript\"> \t\t\t\t\tif ( ! getCookie( \"ff_subbed\" ) ) { \t\t\t\t\t\tInsticator.ad.loadAd(\"div-insticator-ad-cmt-3\"); \t\t\t\t\t\tInsticator.ad.loadAd(\"div-insticator-ad-cmt-4\"); \t\t\t\t\t} else { \t\t\t\t\t\tdocument.getElementById(\"div-insticator-ad-cmt-3\").remove() \t\t\t\t\t\tdocument.getElementById(\"div-insticator-ad-cmt-4\").remove() \t\t\t\t\t} \t\t\t\t<\/script> \t\t\t<\/div>\n<\/p><\/div>\n<\/section>\n<p><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This likely isn&#8217;t how the U.S. government intended to spend the end of the holidays. A troubling report from Reuters states that &#8220;Chinese state-sponsored hackers infiltrated the U.S. Treasury Department&#8217;s computer security this month and stole documents in what Treasury described as a &#8216;major incident.'&#8221; The report includes a letter from the Treasury Department outlining how this serious breach occurred<\/p>\n","protected":false},"author":1,"featured_media":2385105,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mo_disable_npp":"","fifu_image_url":"https:\/\/www.westernjournal.com\/wp-content\/uploads\/2024\/12\/Chinese-Hacking.jpg","fifu_image_alt":"","footnotes":""},"categories":[],"tags":[47672,19536,34803,47673,35785],"class_list":["post-2385104","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-chinese-hackers","tag-cybersecurity","tag-data-breach","tag-major-incident","tag-us-government"],"fifu_image_url":"https:\/\/www.westernjournal.com\/wp-content\/uploads\/2024\/12\/Chinese-Hacking.jpg","_links":{"self":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/2385104","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/comments?post=2385104"}],"version-history":[{"count":3,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/2385104\/revisions"}],"predecessor-version":[{"id":2385108,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/posts\/2385104\/revisions\/2385108"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media\/2385105"}],"wp:attachment":[{"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/media?parent=2385104"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/categories?post=2385104"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.conservativenewsdaily.net\/breaking-news\/wp-json\/wp\/v2\/tags?post=2385104"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}