U.S. Treasury officials have announced that the department was targeted in a cyberattack believed to be orchestrated by Chinese state-sponsored actors. According to reports, the breach enabled these hackers to penetrate government workstations and view unclassified documents after obtaining a security key that bypassed existing protective measures.
The incident came to light when BeyondTrust, a third-party software supplier, alerted the Treasury on December 8. After this notification, the Treasury informed the Senate Banking Committee, labeling the event a “major incident,” in line with its policy on nation-state hacking breaches. It remains unclear how many workstations were compromised or which documents were accessed, but officials stated that there is no current evidence suggesting that the hackers still have access to Treasury systems.
In response to the breach, the Treasury quickly engaged with the Cybersecurity and Infrastructure Security Agency (CISA) and disabled the affected BeyondTrust service. A Treasury spokesperson articulated the department's commitment to safeguarding its systems and data, noting significant improvements in its cyber defenses in recent years and ongoing collaboration with both private and public sector partners.
Assistant Treasury Secretary Aditi Hardikar also confirmed the attribution of the hack to Chinese actors, labeling them as a state-sponsored Advanced Persistent Threat (APT) group. The attack involved exploiting a security key, which allowed the perpetrators to remotely access various Treasury workstations and unclassified files. CISA was alerted as soon as the Treasury became aware of the breach, and further notifications were disseminated as the situation unfolded.
In response to these allegations, the Chinese embassy in the U.S. has denied any wrongdoing, dismissing the accusations as unfounded and indicative of a smear campaign. They condemned the U.S.'s claims as lacking factual basis. The Treasury has committed to providing additional details on the situation to lawmakers within the next month.
BeyondTrust has acknowledged the security incident, stating that it acted swiftly to mitigate the issue and notified affected customers and authorities of the breach. A cybersecurity expert pointed out that this hack aligns with established tactics used by groups linked to the People's Republic of China, in particular their method of exploiting trusted third-party services.
5 Comments
Habibi
It's absurd that the U.S. is pointing fingers while they can't even secure their own systems properly.
Comandante
Claiming it was state-sponsored does not mean it is true. The lack of evidence is highly concerning.
Coccinella
Sounds like the U.S. is trying to distract from their own internal issues by blaming an external enemy.
The Truth
Cybersecurity is an inside job. Blaming external actors won’t solve the issue if the U.S. doesn’t get its house in order.
Comandante
This is just another baseless accusation against China. Why can't the U.S. own up to its own cybersecurity failures?