Alleged state-sponsored Chinese hackers have infiltrated the US Treasury, gaining access to unclassified documents and certain workstations used by government employees, according to a letter sent by the department to lawmakers on Monday.
The Treasury was alerted to the breach on December 8 by BeyondTrust, a third-party software service provider. The hackers obtained a security key used by the vendor to secure a cloud-based service that remotely provides technical support for Treasury Departmental Offices (DO) end users. With this key, the perpetrators were able to override the service’s security, remotely access specific workstations, and gain access to unclassified documents maintained on those systems.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” the Treasury stated in a formal letter dated December 30.
The department classified the breach as a major cybersecurity incident and is collaborating with the FBI, the broader intelligence community, and other investigators to assess the impact. The compromised service has been taken offline, and there is no evidence that the perpetrators still have access to Treasury information.
A spokesperson for the Treasury Department emphasized the seriousness with which the department treats such threats and its commitment to working with both private and public sector partners to protect the financial system, according to the New York Times. More details about the intrusion will be provided in a 30-day supplemental report to Congress.
This incident follows recent reports of a breach by a separate alleged Chinese hacking group known as Salt Typhoon, which penetrated deep into US telecommunications systems. The hackers gained access to the phone conversations and text messages of US officials, reportedly including those of President-elect Donald J. Trump and Vice President-elect JD Vance, in what was described as “the largest telecommunications hack in our nation’s history.”
The Salt Typhoon breach targeted the networks of major telecommunications companies such as AT&T, Verizon, and Lumen. This access provided the hackers with valuable insights into US surveillance operations, including a nearly complete list of phone numbers that the Justice Department has wiretapped to monitor individuals suspected of crimes or espionage.
Beijing has consistently dismissed hacking accusations from Washington. Earlier this month, the Chinese Foreign Ministry stated that the US uses hacking claims to vilify China and justify unilateral sanctions.
“We urge the US to stop using cybersecurity issues to smear and vilify China and to cease imposing illicit unilateral sanctions,” Chinese Foreign Ministry spokesperson Mao Ning stated.