Treasury says Chinese hackers accessed documents in a cyber incident

Treasury Department Cyber Security Threats: Comments on Salt Typhoon Attack and a Search for Russian Cyber-Scale Vulnerabilities

The US Treasury Department was hacked earlier this month, allowing attackers to remotely access some computers and certain unclassified documents, it was revealed on Monday.

The department took seriously all threats against its systems and the data it held. Over the last four years the Treasury has strengthened its cyber defense, and it will work with both private and public sector partners to protect the financial system.

The revelation comes as U.S. officials are continuing to grapple with the fallout of a massive Chinese cyberespionage campaign known as Salt Typhoon that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans. A top White House official said Friday that the number of telecommunications companies confirmed to have been affected by the hack has now risen to nine.

A Chinese state-sponsored Advanced Persistent Threat (APT) actor was responsible for exploiting vulnerabilities in remote tech support software provided by BeyondTrust, the Treasury said in a letter to lawmakers. The disclosures and their contents were reported by the news agency.

The compromised service has been taken offline and there’s no evidence that the hackers still have access to department information, Aditi Hardikar said in a letter to the Senate Banking Committee.

The Department of Homeland Security was working with the FBI and other entities to investigate the impact of the hack, which was attributed to Chinese state-sponsored culprits. It didn’t elaborate.

Two vulnerabilities were used in the incident: a critical command injection vulnerability and a medium-severity command injection vulnerability. CISA added the former CVE to its “Known Exploited Vulnerabilities Catalog” on December 19. Command injection vulnerabilities can be used to gain access to a target’s systems.