American officials have reported that Chinese hackers breached US Treasury systems on Monday, gaining access to workstations and documents in a significant cybersecurity incident.
The attack was carried out using a security override linked to a key from BeyondTrust, a third-party service provider offering remote technical support to Treasury employees.
Officials confirmed that the compromised service has been taken offline, and there is no evidence of continued access to the Treasury’s information.
The breach was first detected on December 2, but it took three days for BeyondTrust to confirm the suspicious activity as a hack. The Treasury Department was officially notified on December 8. A spokesperson stated that the hackers accessed several user workstations and some unclassified documents, though the exact nature and sensitivity of the files have not been disclosed.
Investigators believe the attack was carried out by a China-based Advanced Persistent Threat (APT) actor. Treasury officials clarified in their letter that, in line with departmental policy, APT-related intrusions are automatically classified as major cybersecurity incidents.
The Treasury Department has been working with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic investigators to assess the full impact of the breach. The department emphasized its commitment to protecting its systems and data from external threats, stressing that it takes such incidents “very seriously.”
While the breach seems to have been an act of espionage rather than an attempt at financial theft, officials warned that the hackers might have been able to create accounts or alter passwords during the three days they remained undetected.
The department assured lawmakers that a supplemental report on the breach would be provided within 30 days, offering additional details on the incident and its potential implications.
In response to the allegations, Liu Pengyu, a spokesperson for the Chinese embassy in Washington, dismissed the claims as baseless and politically motivated.
“The US needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.
“The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,” Liu stated.
This breach is the latest in a series of high-profile cyberattacks linked to Chinese espionage hackers. Earlier in December, another attack targeted telecommunications companies, potentially compromising phone record data across the United States.
