Hackers sponsored by China breached the US Treasury Department’s computer security in early December and stole documents, senior Treasury officials have revealed.
In a letter to lawmakers shared with Reuters on Monday, Treasury officials described the cyber intrusion as a “major incident.”
The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.
ALSO SEE: China’s Chipmaking Skills 10-15 Years Behind West: ASML CEO
According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The Treasury Department said it was alerted to the breach by BeyondTrust on December 8 and that it was working with the US Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack’s impact.
Treasury officials didn’t immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department.
A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing “firmly opposes the US’s smear attacks against China without any factual basis.”
A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told Reuters in an email that the company “previously identified and took measures to address a security incident in early December 2024” involving its remote support product.
BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was notified, the spokesperson said. “BeyondTrust has been supporting the investigative efforts.”
The spokesperson referred to a statement posted on the company’s on December 8 sharing some details from the investigation, including that a digital key had been compromised in the incident and that an investigation was under way. That statement was last updated December on 18.
Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said the reported security incident “fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,” he said, using an acronym for the People’s Republic of China.”
- Reuters with additional editing by Jim Pollard
ALSO SEE:
China Racing to Buy Key Chip Materials From US Suppliers – Nikkei
US Officials Told: Use Encryption to Avoid Chinese Phone Hacks
China Cybersecurity Body Says US Hack Stole Tech Secrets – SCMP
US Looking to Ban Sales of China’s TP-Link Routers: Report
China Hackers Accessed US Court Wiretap Networks: WSJ
China Behind Online US Election Propaganda Campaign: Researchers
Chinese Hackers Targeted Russian State Networks, IT Firms – BC
Chinese Hackers Behind Malicious Cyber Operations: Australia
US Cleared Chinese Hackers From Pacific Computer Systems
China is Using AI to Ramp up Espionage, US Says – WSJ
China Facing a WikiLeaks-Style Crisis From Hacking Firm’s Data
