Chinese government hackers penetrated the US Treasury Department, gaining access to 419 computers belonging to employees and managers involved in sanctions, international affairs and intelligence. This is stated in a department report reviewed by Bloomberg News.
The attackers obtained user accounts and access to more than 3,000 files on unclassified personal computers. The stolen information included documents on policy, travel, organizational charts, materials on sanctions and foreign investments, and data marked "for official use". No evidence was found that classified systems or the department's email were breached.
The hackers also obtained materials from investigations by the Committee on Foreign Investment in the United States (CFIUS), which evaluates real estate transactions and foreign investments for national security implications. The report confirms that the attack was associated with the Chinese group Silk Typhoon (UNC5221). The hackers operated outside working hours to avoid detection.
According to the department, the intrusion lasted from late September to mid-November. The cybercriminals showed the greatest interest in the Office of Foreign Assets Control, the office of international affairs, and the office of intelligence and . The report notes that the hackers focused on certain senior officials. The attackers also gained access to employees' personal financial documents, including banking and insurance data.
The department promptly notified CISA after confirming the incident and then brought in the FBI and other agencies to investigate. Although there is no evidence that the hackers remained in the systems for long, the investigation continues, including the damage assessment.
The contractor BeyondTrust, through whose networks the breach occurred, was disconnected from the system. BeyondTrust had contracts with the federal government worth more than $4 million. The department is now considering replacing the contractor, despite the lack of direct evidence of security deficiencies on BeyondTrust's part.
Recall that in December CISA added to its Known Exploited Vulnerabilities (KEV) catalog a critical issue in the BeyondTrust products Privileged Remote Access (PRA) and Remote Support (RS) that is already being exploited by attackers. It is still unclear whether this flaw was the vector used to compromise the Treasury Department. The investigation continues.