Last month, the Department of Treasury confirmed that there had been a significant cyber incident on its network. State-backed cyber criminals have been able to breach the part of the Treasury Department that handles trade and economic sanctions, known as the Office of Foreign Assets Control (OFAC). The hackers also breached another office within the government organization, the Office of Financial Research (OFR).
Attack to gain information on Chinese individuals and entities
The attack was initially discovered on December 8th, when the hackers exploited a loophole in a remote support software provider called BeyondTrust. The state-sponsored criminals essentially gained access to a large number of files owned by the office. It is believed that the hackers have been trying to collect intelligence on Chinese individuals and entities that are about to be sanctioned by the US government.
In a letter sent to the Senate Banking Committee on December 30th, government officials confirmed that the attack was orchestrated by a criminal cyber organization called Advanced Persistent Threat (APT). Aditi Hardikar, Assistant Secretary for Management at the US Department of the Treasury, confirmed that a cyber incident has affected the agency responsible for printing all paper currency and minting coins in the USA. The letter also explained the three-week gap between the loophole’s discovery and the lawmakers’ notification. The government used the time to collaborate with law enforcement agencies, learn more about the extent of the incident, and patch the loopholes.
It is currently unknown how much the hackers have been able to steal as the investigation led by the FBI and the Department of Treasury continues. The breach is believed to have been patched, and the hackers no longer have access to the government finance department. China has denied involvement in the attack and called the allegations “groundless.” There’s a disagreement between the two countries as the US openly blames the state-sponsored hackers for the attack.
U.S. government working hard to deter cyberattacks
In a statement released on January 3rd, Acting Under Secretary of the Treasury for Terrorism and Financial Intelligence Bradley T. Smith said that the US government is working hard on deterring cyber-attacks and has decided to sanction the Beijing-based cybersecurity company Integrity Technology Group, also known as Integrity Tech. The sanctions do not appear to be related to the Treasury cyber-attack but present the reason why the Treasury was hacked in the first place.
According to an advisory released by multiple government agencies, including the NSA and FBI, the sanctioned company has controlled and managed a botnet active since mid-2021 and has provided support to hacker organizations such as Flax Typhoon, which is behind attacks on US critical infrastructure sectors, government agencies, media organizations, and universities.