. . .hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
Hey let’s store the nation’s critical infrastructure documents on Jeff Bezos’ computers! Yay! What a cost savings that will be. And why not send all government communications through Microsoft?! Boy what a load off that will be.
FACEPALM. I still don’t know how AWS, et al, did it, but they have convinced a whole shit-ton of people to believe that using their “cloud” is not only as secure as building and maintaining their own infrastructure, they’ve convinced a lot of people it’s more secure. Because “core competencies”, etc…yeah, let’s de-skill a whole lot of IT people by learning only certain vendor dashboards and think that’s going to work out long term for things like security, DR, BC…
It’s kinda dumb when really, really big tech companies do this, it’s even stupider if government agencies fall for it…
Maybe it’s time for the US govt to start paying high enough wages to recruit tech talent.
i’m sure Elon can bring in some H1B Chinese nationals
They’ll obediently adhere to Musk’s stupid notions of being “hardcore”. Unlike those uppity American citizens, thinking they have any rights or dignity…
It’s weird how, despite the feds being the ones who push security requirements onto the states, the states often have better security in place than the people making the rules…wtf
First of all, I’m not buying that states have better security. But, most of all I’d say that the US government have much larger networks with much more important data. Which is what the hackers want.
They were breached via a compromised security vendor
And why would that security vendor have access to actual documents? Opsec failed.
They didn’t. They had access to workstations which were then compromised in turn.
The Boyz from Beijing are at it again
