CISA says recent government hack limited to US Treasury
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies.
"At this time, there is no indication that any other federal agencies have been impacted by this incident," CISA said. "CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response."
The Treasury Department disclosed last Monday that Chinese government hackers breached its network in what it described as a "major cybersecurity incident," after using a stolen Remote Support SaaS API key to compromise a BeyondTrust instance used by the federal agency.
In a letter to Congress, the agency said its remote support provider, BeyondTrust, first notified it of the breach on December 8th.
"Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor. In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident," the letter added.
Since then, U.S. officials have revealed that the attackers specifically targeted the Office of Foreign Assets Control (OFAC), which administers and enforces trade and economic sanctions programs, likely to collect intelligence on which Chinese individuals and organizations the U.S. might consider sanctioning.
The hackers also breached the Treasury's Office of Financial Research, but the full impact of the attack is still being assessed. However, officials said there was no evidence that the Chinese state hackers maintained access to the agency's systems after the compromised BeyondTrust instance was shut down.
"The security of federal systems and the data they protect is of critical importance to our national security," the U.S. cybersecurity agency added today.
"We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate."