Chinese state-sponsored hackers breached the U.S. Treasury Department earlier this month through vulnerabilities in a third-party cybersecurity provider, stealing sensitive documents.
The Treasury called the breach a “major incident” in a letter to lawmakers, raising concerns about the nation’s cybersecurity.
The attack began on December 8, when hackers compromised BeyondTrust, a software service provider whose product secures remote technical support sessions. Using a stolen digital key for that service, the attackers bypassed its security controls and accessed workstations used by Treasury Departmental Office staff.
These workstations contained unclassified documents, which the hackers were able to retrieve. Treasury officials have since disabled the compromised BeyondTrust service and stated that there is no current evidence of continued access by the attackers.
The breach is under investigation by the Treasury Department, the FBI, and the Cybersecurity and Infrastructure Security Agency.
A Treasury spokesperson reiterated the department’s dedication to safeguarding its systems, noting that efforts to enhance cybersecurity have been ongoing in light of evolving threats from state-sponsored groups.
This attack is part of a larger pattern of cyber espionage attributed to Chinese state-backed hacking operations.
In recent years, these groups have employed increasingly sophisticated methods, often targeting trusted third-party service providers to gain access to high-value systems. The breach coincides with ongoing activity by China’s Salt Typhoon hacking group, which has been linked to wide-ranging espionage campaigns targeting U.S. infrastructure and officials.
BeyondTrust, the cybersecurity firm at the center of the incident, confirmed the breach and detailed measures it has taken to address the situation. The company reported that it had notified affected customers and law enforcement. Investigations revealed that the attackers had exploited a compromised digital key associated with BeyondTrust’s remote support product. The company assured stakeholders that steps have been taken to mitigate further risks.
Chinese officials have denied involvement in the attack. Mao Ning, a spokesperson for China’s foreign ministry, stated that China “opposes all forms of hacker attacks.” The Chinese Embassy in Washington also dismissed the allegations as baseless accusations aimed at discrediting Beijing.
The breach highlights the persistent vulnerabilities in U.S. cybersecurity infrastructure and the critical need for robust defense mechanisms. As investigations continue, the incident serves as a reminder of the growing threat posed by state-sponsored cyberattacks and the importance of securing critical digital supply chains.