The US Treasury Department was breached by Chinese state-sponsored hackers, who gained access to unclassified documents, in what the organisation called a “major cyber security incident”, according to a letter sent to the Congress on Monday.
The Treasury said a third-party software provider, BeyondTrust, had notified it of the breach.
The hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users”, the letter seen by Bloomberg and Reuters, said.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The Treasury department said it was working with the US Cybersecurity and Infrastructure Security Agency, the FBI and third-party forensic investigators.
BeyondTrust said it has been supporting the investigative efforts.
The Chinese Embassy in Washington dismissed the allegations and said the “US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat”.
“The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury representative told Bloomberg.
Cyber security issues globally have been rising sharply, led by an increasing number of ransomware attacks targeting government services and other critical sectors in many countries, the 2024 Global Cybersecurity Index released by the UN's International Telecommunication Union in September.
The global average cost of a data breach was estimated at $4.45 million last year, it said.
The US is already carrying out an investigation into what has become known as the Salt Typhoon cyber breach, flagged by officials in early December. The US has accused China of sponsoring the attack that infiltrated US communications companies and potentially left American consumers vulnerable.
Initially, officials said eight US companies had been affected, but that number has since risen to nine.
US companies need to enact critical infrastructure changes and update basic cyber security practices, Anne Neuberger, deputy national security adviser for cyber and emerging technology, told media on Friday.
“What we've learnt from the investigation is that there's several categories of things that are needed in this space: better management of configuration, better vulnerability management of networks, better work across the telecom sector to share information when incidents occur,” she said.
Voluntary commitments by companies were inadequate, she said, and explained that the administration would be seeking bipartisan support from the Federal Communications Commission (FCC) to ensure compliance from telecoms companies.
With inputs from Bloomberg and Reuters
UAE currency: the story behind the money in your pockets
Dengue%20fever%20symptoms
%3Cul%3E%0A%3Cli%3EHigh%20fever%3C%2Fli%3E%0A%3Cli%3EIntense%20pain%20behind%20your%20eyes%3C%2Fli%3E%0A%3Cli%3ESevere%20headache%3C%2Fli%3E%0A%3Cli%3EMuscle%20and%20joint%20pains%3C%2Fli%3E%0A%3Cli%3ENausea%3C%2Fli%3E%0A%3Cli%3EVomiting%3C%2Fli%3E%0A%3Cli%3ESwollen%20glands%3C%2Fli%3E%0A%3Cli%3ERash%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Cp%3EIf%20symptoms%20occur%2C%20they%20usually%20last%20for%20two-seven%20days%3C%2Fp%3E%0A
if you go
The flights
Emirates offer flights to Buenos Aires from Dubai, via Rio De Janeiro from around Dh6,300. emirates.com
Seeing the games
Tangol sell experiences across South America and generally have good access to tickets for most of the big teams in Buenos Aires: Boca Juniors, River Plate, and Independiente. Prices from Dh550 and include pick up and drop off from your hotel in the city. tangol.com
Staying there
Tangol will pick up tourists from any hotel in Buenos Aires, but after the intensity of the game, the Faena makes for tranquil, upmarket accommodation. Doubles from Dh1,110. faena.com
What can victims do?
Always use only regulated platforms
Stop all transactions and communication on suspicion
Save all evidence (screenshots, chat logs, transaction IDs)
Report to local authorities
Warn others to prevent further harm
Courtesy: Crystal Intelligence
Most F1 world titles
7 — Michael Schumacher (1994, ’95, 2000, ’01 ’02, ’03, ’04)
7 — Lewis Hamilton (2008, ’14,’15, ’17, ’18, ’19, ’20)
5 — Juan Manuel Fangio (1951, ’54, ’55, ’56, ’57)
4 — Alain Prost (1985, ’86, ’89, ’93)
4 — Sebastian Vettel (2010, ’11, ’12, ’13)
The smuggler
Eldarir had arrived at JFK in January 2020 with three suitcases, containing goods he valued at $300, when he was directed to a search area.
Officers found 41 gold artefacts among the bags, including amulets from a funerary set which prepared the deceased for the afterlife.
Also found was a cartouche of a Ptolemaic king on a relief that was originally part of a royal building or temple.
The largest single group of items found in Eldarir’s cases were 400 shabtis, or figurines.
Khouli conviction
Khouli smuggled items into the US by making false declarations to customs about the country of origin and value of the items.
According to Immigration and Customs Enforcement, he provided “false provenances which stated that [two] Egyptian antiquities were part of a collection assembled by Khouli's father in Israel in the 1960s” when in fact “Khouli acquired the Egyptian antiquities from other dealers”.
He was sentenced to one year of probation, six months of home confinement and 200 hours of community service in 2012 after admitting buying and smuggling Egyptian antiquities, including coffins, funerary boats and limestone figures.
For sale
A number of other items said to come from the collection of Ezeldeen Taha Eldarir are currently or recently for sale.
Their provenance is described in near identical terms as the British Museum shabti: bought from Salahaddin Sirmali, "authenticated and appraised" by Hossen Rashed, then imported to the US in 1948.
- An Egyptian Mummy mask dating from 700BC-30BC, is on offer for £11,807 ($15,275) online by a seller in Mexico
- A coffin lid dating back to 664BC-332BC was offered for sale by a Colorado-based art dealer, with a starting price of $65,000
- A shabti that was on sale through a Chicago-based coin dealer, dating from 1567BC-1085BC, is up for $1,950
Key facilities
- Olympic-size swimming pool with a split bulkhead for multi-use configurations, including water polo and 50m/25m training lanes
- Premier League-standard football pitch
- 400m Olympic running track
- NBA-spec basketball court with auditorium
- 600-seat auditorium
- Spaces for historical and cultural exploration
- An elevated football field that doubles as a helipad
- Specialist robotics and science laboratories
- AR and VR-enabled learning centres
- Disruption Lab and Research Centre for developing entrepreneurial skills
Brief scoreline:
Wolves 3
Neves 28', Doherty 37', Jota 45' 2
Arsenal 1
Papastathopoulos 80'
Tearful appearance
Chancellor Rachel Reeves set markets on edge as she appeared visibly distraught in parliament on Wednesday.
Legislative setbacks for the government have blown a new hole in the budgetary calculations at a time when the deficit is stubbornly large and the economy is struggling to grow.
She appeared with Keir Starmer on Thursday and the pair embraced, but he had failed to give her his backing as she cried a day earlier.
A spokesman said her upset demeanour was due to a personal matter.
