Chinese “Threat Actor” Hacks U.S. Treasury Department


The U.S. Treasury Department has disclosed that a Chinese “threat actor” has hacked into workstations and overridden security measures. The Assistant Secretary for Management at Treasury, Aditi Hardikar, informed the Senate that Treasury found out on December 8 about the breach. Notice that the incompetent fraud Janet Yellen didn’t have the courage to inform the Senate. Boys, girls and even you non-gendered, non-binary types, we are going to have to pray that Donald Trump, J.D. Vance and Treasury designee Scott Bessent get moving at 12:01 on January 20, 2025. We are in bigly trouble.

I went looking through the Victory Girls Blog archives to see what we had written about Chinese hackers in the past. Shazam! Our Nina wrote “Chinese Hackers Steal Federal Gov’t Data Again” and that was going on a decade ago. She wrote:

Here is what they/we are up against. China is, by far, one of the biggest and most virulent aggressors against the U.S. in terms of cyber warfare. They are and will be using any information they can get their grubby internet hands on for current and future blackmail – diplomatic or otherwise against this country. Think I’m exaggerating? Nope, it’s called leverage and the Chinese will use any means necessary to gain the leverage they want.

All of the above is now EXTRA valid. Ten years later.

Here are the major points from the New York Times:

A state-sponsored actor in China hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents, the Biden administration said on Monday.

The announcement comes after revelations in recent months that China had penetrated deep into U.S. telecommunications systems, gaining access to the phone conversations and text messages of U.S. officials and others.

In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”

Ow, reading that made the backs of my teeth hurt. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.” Really, dudes? How many idiots did you need to figure that out? And it was a “major cybersecurity incident”. Shazam, again. All of us should be spitting mad right now. I am.

Grasp this from the New York Post:

News of the hack comes amid heightened concerns about the Chinese hacking group Salt Typhoon.

Salt Typhoon is alleged to have been behind a sweeping telecommunications system hack revealed over the summer that allegedly gave Beijing access to communications by President-elect Donald Trump, Vice President-elect JD Vance and others.

China has also hacked other critical government departments in the past.

Last year, for instance, Microsoft revealed that a “China-based actor” hacked into accounts affecting over two dozen organizations, including the US State and Commerce Departments.

Treasury Secretary Janet Yellen traveled to Beijing last year where she caused a stir by bowing to her counterpart as part of a Biden administration effort to mend fences with China.

She also traveled to China in April of this year.

Trade disputes between China and the US are expected to heat up under the incoming Trump administration.

Well then, I guess we better get our shite together.

I have been boning up on multifactor authentication and end-to-end encryption, but I don’t know why I bother. The government’s putting it all out there. I found this “old” news about BeyondTrust from bleepingcomputer.com:

Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances.

BeyondTrust is a cybersecurity company specializing in Privileged Access Management (PAM) and secure remote access solutions. Their products are used by government agencies, tech firms, retail and e-commerce entities, healthcare organizations, energy and utility service providers, and the banking sector.

In other words, all of our data is vulnerable. More:

As part of the company’s investigation into the attack, it discovered two vulnerabilities, one on December 16th and the other on the 18th.

The first one, tracked as CVE-2024-12356, is a critical command injection flaw impacting the Remote Support (RS) and Privileged Remote Access (PRA) products.

“Successful exploitation of this vulnerability can allow an unauthenticated, remote attacker to execute underlying operating system commands within the context of the site user,” reads the description of the flaw.

The second issue, tracked as CVE-2024-12686, is a medium-severity vulnerability on the same products, allowing attackers with admin privileges to inject commands and upload malicious files on the target.

Although not explicitly mentioned, it’s possible that the hackers leveraged the two flaws as zero days to gain access to BeyondTrust systems or as part of their attack chain to reach customers.

However, BeyondTrust has not marked the flaws as actively exploited in either advisory.

According to the New York Times article, people from Treasury were in China earlier this month. That’s not worrying at all:

Chinese officials have long denied any government role in hacking, and have set up dialogues with the United States to work together on cybersecurity. Earlier this month, officials from the Treasury Department traveled to China for a round of meetings of their economic and financial working groups, which cover collaboration on cybersecurity issues.

They were only unclassified documents. Oh, okay? Jeebus. January 20 cannot get here soon enough.

Featured Image: Mohit Singh/Wikimedia Commons.org/cropped/Creative Commons 3.0

4 Comments
  • Scott says:

    Sure sounds like our govt is helping the Chi-coms with this.. or at the very least, is happy with them doing it..

    “Adults back in charge” my ass!

    Just wait till Jan 20, you can damn sure bet that the soros funded riots will be off the charts as the biden crime family rides (shuffles?) off into the sunset.

    • NTSOG says:

      “the soros funded riots will be off the charts as the biden crime family rides (shuffles?) off into the sunset.”

      I’m surprised that the regular leftist rioters haven’t burned down a town or two already. Perhaps they are waiting for Trump to actually be in power so they can blame him?

  • Stephen C says:

    Treasury was notified on December 8th by BeyondTrust that a breach had occurred. On what date did the breach occur? Usually notification is ‘immediately’, required by agreement or customary within 24 hours. Did I miss reading something, when did the breach occur? Also, remote access threats are persistent and continuous, usually caught on weekly scans. No one was looking at the scans? No monitoring alerts were active? It is a risk management failure. Hard to accept.
