Chinese State-Sponsored Hacking Team Suspected in Treasury Department Cyberattack
Supply Chain Attack Targets US Government
“This fits a pattern of Chinese state-sponsored hacking teams using the supply chain to go after the US government,” said David Shipley, CEO and cofounder of Beauceron Security, in an email. “This follows highly successful attacks against Microsoft’s productivity cloud solution, and previous Russia-linked attacks on the US government using Microsoft 365 and before that, SolarWinds.”
Incident Response Underway
Treasury’s letter noted that the affected service had been taken offline, and that the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence community, and third-party forensic investigators are working to “fully characterize the incident and determine its overall impact.”
Uncovering the Motives Behind the Attack
“What’s intriguing is what they might’ve been after,” Shipley observed. “What is this, just plain old spying? Or were they trying to lay the groundwork to maintain persistence and disrupt US government operations? I’d be less worried if it’s just plain vanilla spying.”
FAQs
Q: What is the nature of the attack?
A: The attack is believed to be a supply chain attack, where hackers used a service to gain access to the US Treasury Department’s systems.
Q: Who is suspected of carrying out the attack?
A: Chinese state-sponsored hacking teams are suspected of carrying out the attack.
Q: What is the extent of the damage?
A: The extent of the damage is not yet fully understood, as the incident is still being investigated. However, it is believed that the affected service has been taken offline to prevent further compromise.
Q: What is being done to respond to the attack?
A: A multi-agency effort is underway to respond to the attack, involving CISA, the FBI, the Intelligence community, and third-party forensic investigators.