Summary
A Chinese state-sponsored hacker group breached the U.S. Treasury Department by exploiting a vulnerability in the third-party cybersecurity provider BeyondTrust.
The attackers used a stolen key to override security measures, accessing departmental workstations and unclassified documents.
The Treasury Department, alerted on December 8, reported no evidence of ongoing access.
The department is working with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to investigate the breach, which highlights risks tied to third-party software vulnerabilities.
Sinking a ship is a dramatic overreaction to accessing unclassified Treasury documents.
We spy on China as well, we just don’t make announcements like “in retaliation we’re going to continue hacking their shit too”.
Besides, if china needs to know anything actually important they can just ask putin to ask any member of trump’s cabinet.