Description: A breach in early December 2024 at the US Treasury Department involved remote access by hackers to Treasury computers, compromising certain unclassified documents. By exploiting vulnerabilities in remote support software from BeyondTrust, identified as CVE-2024-12356 and CVE-2024-12686, attackers stole an authentication key, enabling system access. Despite the breach being attributed to a Chinese state-sponsored APT actor, no ongoing access was found. The incident sparked collaborations with FBI, CISA, and intelligence agencies for a comprehensive evaluation.

Description: An Advanced Persistent Threat group, suspected to be linked to the Chinese government, exploited vulnerabilities in BeyondTrust's software, resulting in a major breach of the Treasury Department. Authentication key theft allowed access to department computers with 'certain unclassified documents' compromised. The impact of this breach sees confidential governmental operations exposed, though classified as unclassified, could endanger financial stability or lead to further undisclosed consequences.

Description: The US Treasury Department experienced a security breach where attackers exploited vulnerabilities in BeyondTrust's remote tech support software, leading to unauthorized access to Treasury computers and certain unclassified documents. Attackers stole an authentication key, compromising unclassified data. The incident was linked to a China state-sponsored APT actor. While the compromised service was taken offline, the breach was classified as a major cybersecurity incident, prompting collaboration with the FBI, CISA, and the intelligence community for investigation.

Description: The United States Treasury suffered a 'major' breach when an Advanced Persistent Threat group, believed to be linked to the Chinese government, exploited flaws in BeyondTrust software. The attackers stole an authentication key, gaining access to department computers and managing to steal 'certain unclassified documents'. While classified as unclassified, the breach's full extent and subsequent risks, such as exposure to financial manipulations and international diplomatic consequences, are still under assessment.

Description: The breach of the US Treasury by Chinese hackers, including 12 individuals indicted by the Department of Justice, resulted in significant data compromise. Over a three-month period, at least 400 PCs were infiltrated leading to the theft of more than 3,000 files. This attack highlights the risk posed by autonomous state-sponsored hacking groups who target and steal sensitive information from high-profile international entities, selling it to government clients for strategic advantages.

Description: Companies suffered as a result of hacking attacks against US federal entities, affected departments included the US Department of Homeland Security, the Department of Commerce, and the Department of the Treasury. Early this year, Iranian government-sponsored hackers, including the FBI and CISA, gained access to a network of an unnamed US federal agency and used the Log4Shell vulnerability to install crypto miners and use stolen passwords. According to the advisory, "Cyber threat actors advanced to the domain controller (DC), compromised credentials, implanted Ngrok reverse proxies on multiple hosts to maintain persistence, and then exploited the Log4Shell vulnerability in an unpatched VMware Horizon server to install XMRig crypto mining software.

Description: The US Treasury experienced a significant cyberespionage campaign resulting in the penetration of at least 400 of its PCs and the theft of over 3,000 files. Though hackers targeted sanctions and law-enforcement related information, they did not obtain access to emails or classified network segments, nor was long-term access malware identified. The scope of intrusion by Chinese state-sponsored hackers, including efforts by Salt Typhoon, suggests a focus on espionage without immediate financial or personal data leak but potential long-term strategic implications.