In a significant cybersecurity breach, a Chinese state-sponsored hacker infiltrated the systems of the US Treasury Department, gaining access to employee workstations and some unclassified documents, American officials revealed on Monday. The breach, described as a “major incident,” occurred in early December and was disclosed to lawmakers in a letter from the Treasury Department.
The attacker gained access by using a key associated with BeyondTrust, a third-party service provider that offers remote technical support to the department’s employees, to override the service’s security controls. Officials stated that the compromised service has since been taken offline, and there is no evidence suggesting continued access to the Treasury’s information.
The breach was initially detected on December 2, but it took three days for BeyondTrust to confirm the suspicious activity as a hack. The Treasury Department was officially notified on December 8. According to a spokesperson, the hackers accessed several user workstations and certain unclassified documents, though the exact nature and sensitivity of the files remain undisclosed.
Investigators believe the attack was conducted by a China-based Advanced Persistent Threat (APT) actor. Treasury officials explained in their letter that, per departmental policy, APT-related intrusions are automatically categorised as major cybersecurity incidents.
The Treasury Department has been collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic investigators to assess the overall impact of the breach. The department emphasised its commitment to safeguarding its systems and data from external threats, noting that it takes such incidents “very seriously.”
While the breach appears to have been an act of espionage rather than a financial theft attempt, officials cautioned that hackers may have been able to create accounts or alter passwords during the three-day period they remained undetected.
The department assured lawmakers that a supplemental report on the breach would be submitted within 30 days, offering further insights into the incident and its implications.
Responding to the allegations, Liu Pengyu, a spokesperson for the Chinese embassy in Washington, dismissed the claims as baseless and politically motivated.
“The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,” Liu stated. He also called for a “professional and responsible attitude” in attributing cyber incidents, underscoring the challenges of tracing their origins.
This breach marks the latest in a series of high-profile cyberattacks attributed to Chinese espionage hackers. Earlier in December, another hack targeted telecommunications companies, potentially compromising phone record data across the United States.
The incident highlights the persistent vulnerabilities in critical US government systems and the growing sophistication of state-sponsored cyber threats. As investigations continue, the Treasury Department and other agencies face mounting pressure to enhance their cybersecurity measures and safeguard sensitive national information.
Melissa Enoch