US Treasury Breach – Chinese Hackers Accessed Secretary Janet Yellen’s Computer


Jan 17, 2025 - 03:11

Chinese state-sponsored hackers have successfully breached the computer systems of the U.S. Treasury Department, gaining access to Secretary Janet Yellen’s personal computer.

This incident, described as a “major incident” by the Treasury Department, marks one of the most high-profile cyber intrusions targeting a U.S. federal agency in recent years.

The breach, which occurred in December 2024, involved the exploitation of vulnerabilities in third-party software provided by BeyondTrust, a cybersecurity firm specializing in remote access management.

The attackers gained unauthorized access to multiple Treasury Department workstations, including those of Secretary Yellen and her senior officials, Deputy Secretary Wally Adeyemo, and Acting Under Secretary Brad Smith.

According to Bloomberg reports, fewer than 50 files were accessed on Yellen’s computer, while over 3,000 unclassified files across 419 workstations were compromised department-wide.

The hackers reportedly focused on sensitive areas such as sanctions enforcement, intelligence operations, and international financial affairs. However, they failed to penetrate classified systems or email servers, mitigating the potential damage.


How the Hack Occurred

The breach came through BeyondTrust’s Remote Support software-as-a-service (SaaS) platform. The attackers exploited a stolen API key and two zero-day vulnerabilities (CVE-2024-12356 and CVE-2024-12686) to bypass security measures and gain privileged access to Treasury systems.

BeyondTrust detected anomalous activity on December 2, confirmed the breach by December 5, and notified the Treasury Department three days later.

Investigations revealed that the attackers worked outside regular business hours to avoid detection and prioritized data collection over disruption. The compromised BeyondTrust service was promptly taken offline once the breach was identified.

The Treasury Department has been collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and external forensic experts to assess the full impact of the intrusion. Officials say there is no evidence of ongoing access by the hackers following mitigation efforts.

In a letter to lawmakers, Treasury officials highlighted concerns about third-party vendor vulnerabilities and pledged to reevaluate their reliance on external cybersecurity providers like BeyondTrust. The department emphasized its commitment to strengthening its cyber defenses in light of this incident.

The Chinese government has denied any involvement in the attack. A spokesperson for China’s Ministry of Foreign Affairs dismissed the allegations as baseless and politically motivated, reiterating China’s opposition to all forms of hacking.

This denial comes amidst heightened tensions between the U.S. and China over cybersecurity issues, including previous breaches attributed to Chinese state-backed groups.

This breach underscores the ongoing risk posed by advanced persistent threat (APT) actors linked to nation-states. It also highlights vulnerabilities in third-party software services used by government agencies.

The incident has reignited debates over supply chain security and the need for stricter oversight of external vendors providing critical IT infrastructure.

As investigations continue, lawmakers are expected to scrutinize both the Treasury Department’s cybersecurity protocols and BeyondTrust’s role in enabling this breach.


The post US Treasury Breach – Chinese Hackers Accessed Secretary Janet Yellen’s Computer appeared first on Cyber Security News.