A Chinese state-sponsored hacker infiltrated the US Treasury Department’s systems earlier this month, gaining access to employee workstations and certain unclassified documents, officials confirmed on Monday (December 30).
The Treasury Department classified the breach as a “major incident” in a letter notifying lawmakers. The agency stated it is collaborating with the FBI and other federal entities to assess the breach’s impact.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Aditi Hardikar, assistant secretary for management at the US Treasury, wrote in a letter.
Espionage Breach Targets Treasury Data
In its letter to lawmakers, the Treasury Department revealed that the China-based hacker bypassed security measures using a key obtained from a third-party service provider. The provider’s application, known as BeyondTrust, provides remote technical support to employees.
Officials confirmed that the compromised service has since been taken offline. The statement also noted that there is no evidence of continued unauthorized access to Treasury Department information following the breach.
The Treasury Department did not disclose the nature of the accessed files, the duration of the breach, or the level of confidentiality of the compromised systems. It also withheld details about the seniority of staff whose materials were accessed.
During the three days the hackers were monitored by BeyondTrust, they may have had the capability to create accounts or alter passwords. As espionage agents, the hackers are believed to have been targeting sensitive information rather than attempting financial theft.
Chinese Embassy Disputes Hacking Allegations
Chinese Embassy spokesperson Liu Pengyu dismissed the department’s report, stating that accurately tracing the origin of hackers can be challenging.
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said.
“The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”