Updated: Treasury Dept. site hacked, taken down

A Treasury Department webpage was among a series of websites hosted by a private company that were reprogrammed recently to install malware on unsuspecting visitors' computers. 

Treasury officials have since taken down those compromised sites, all affiliated with the U.S. Bureau of Engraving and Printing (BEP). But that was only after those webpages re-routed an unknown number of unsuspecting visitors to another site in the Ukraine that is notorious for installing malicious software on users' computers.

ADVERTISEMENT
The attack primarily targeted a cloud computing company that hosted both the BEP's sites as well as a host of other, private webpages. It is not clear when the website was first compromised, but the Treasury Department's Government Security Operations Center first learned of the problem on Monday. 

"Through discussions with the provider, BEP is aware of the remediation steps required to restore the site and is currently working toward resolution," according to a spokeswoman at the Treasury Department. 

Security firm AVG first called attention to the cyberattack on the bep.gov, bep.treas.gov and moneyfactory.gov Web addresses on Monday. All of those domains -- as well as moneyfactory.com, which Treasury said Tuesday was also affected -- point to the BEP's central online hub.

While Treasury addressed the hack by disabling all three infected webpages, AVG warned visitors at the time that the attack "could easily come back to life." They consequently warned users not to "mess" with the three webpages.

But Monday's attack is only bound to bolster some lawmakers' calls for a tougher federal cybersecurity regime. Many members of Congress have clamored recently for new federal agencies, practices and penalties designed to deal with emerging national and international threats to the country's essential computer systems, some of which -- like the Treasury's page -- have migrated to the cloud recently.