拜登政府称中国黑客入侵美国财政部
2024年12月31日
A state-sponsored actor in China hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents, the Biden administration said on Monday.
拜登政府周一表示,一名由中国官方支持的黑客入侵了美国财政部,获取了政府雇员电脑系统和非机密文件的访问权限。
The announcement comes after revelations in recent months that China had penetrated deep into U.S. telecommunications systems, gaining access to the phone conversations and text messages of U.S. officials and others.
在此之前,近几个月有消息称,中国深度渗透美国电信系统,获取了美国官员及其他人的电话通话和短信记录。
In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them.
在一封向立法者通报此事的信函中,财政部表示,12月8日接到第三方软件服务公司BeyondTrust的通知,称黑客获取了安全密钥,该密钥允许其远程访问财政部的某些计算机工作站以及里面的文件。
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
“根据现有的迹象,这一事件被归因于一个中国国家支持的高级持续威胁(APT)行为者,”信中写道。“根据财政部政策,与APT相关的入侵被视为重大网络安全事件。”
The Treasury Department said it had worked with the F.B.I., the intelligence community and other investigators to determine the impact of the breach. The compromised service had been taken offline, and there is no evidence that the Chinese state actor still has access to Treasury information, the department said.
财政部表示,它已与联邦调查局、情报界和其他调查方合作,以确定此次入侵的影响。遭入侵的服务已被下线,目前没有证据表明中国国家支持的行为者仍然能够访问财政部的信息。
In a statement, a Treasury spokesman said that the department took threats against its systems and the data they hold very seriously, and that it would continue to work with the private sector and government agencies to protect the financial system from hacking.
财政部的一名发言人在声明中表示,该部门非常重视对其系统及所持有数据的威胁,并将继续与私营部门和政府机构合作,保护金融系统免受黑客攻击。
The Treasury Department did not clarify when the episode took place but said it would reveal more details in a forthcoming report to Congress.
财政部未明确说明此次事件的具体时间,但表示将在即将提交给国会的报告中披露更多细节。
Chinese officials have long denied any government role in hacking, and have set up dialogues with the United States to work together on cybersecurity. Earlier this month, officials from the Treasury Department traveled to China for a round of meetings of their economic and financial working groups, which cover collaboration on cybersecurity issues.
长期以来,中国官员始终否认政府参与任何黑客活动,并与美国建立了网络安全合作对话。本月早些时候,财政部官员前往中国,参加经济和金融工作组会议,它的议题就涵盖了网络安全问题的合作。
Recent reports of a separate breach of U.S. telecommunications systems by a Chinese hacking group nicknamed Salt Typhoon have raised concerns about the vulnerability of U.S. systems.
最近有消息称,一个被称为“盐台风”的中国黑客组织入侵美国电信系统,这进一步引发了对美国系统脆弱性的担忧。
Microsoft’s cybersecurity team discovered that hacking this summer, which targeted the networks of AT&T, Verizon and Lumen. It gave Salt Typhoon, a group that is thought to be closely linked to China’s Ministry of State Security, access to conversations held by Donald J. Trump and JD Vance, among other Americans.
微软的网络安全团队在今年夏天发现了这次针对AT&T、威瑞森和Lumen网络的黑客攻击。此次攻击让与中国国家安全部关系密切的“盐台风”组织能够访问包括特朗普和万斯在内的多名美国人士的通话记录。
The Salt Typhoon hackers also obtained a nearly complete list of phone numbers the Justice Department has wiretapped to monitor people suspected of crimes or espionage, giving the Chinese government insight into which Chinese spies the United States has identified.
“盐台风”黑客还获取了一份几乎完整的美国司法部监听电话号码清单,它们是用来监控涉嫌犯罪或间谍活动人员的。这使得中国政府可以了解美国已经发现了哪些中国间谍。
In response to that hack, the Commerce Department said earlier this month that it would ban the few remaining operations of China Telecom, one of the country’s biggest communications firms, from the United States.