The United States Treasury Department has confirmed a breach of its systems by a Chinese state-sponsored hacking group, describing the incident as a "major cybersecurity incident."
The intrusion, which occurred earlier this month, targeted employee workstations and unclassified documents. Details of the breach were disclosed in a letter sent by the Treasury Department to lawmakers, highlighting the gravity of the situation and the ongoing investigation.
According to the department, the attack was executed by a "China-based Advanced Persistent Threat (APT) actor," who exploited a key used by BeyondTrust, a third-party service provider offering remote technical support to Treasury employees. The compromised service has since been taken offline, and there is no evidence suggesting further unauthorized access, officials stated.
The Treasury Department became aware of the hack on December 8, following notification from BeyondTrust. The company had initially identified suspicious activity on December 2 but took three days to confirm the breach. The delay potentially allowed hackers to create accounts or alter passwords during this period.
While the full extent of the breach is under investigation, officials believe the hackers were focused on gathering information rather than financial theft. The department, alongside the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic experts, is working to assess the impact.
"In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident," the department noted in its letter to lawmakers. A supplemental report on the breach is expected to be submitted within 30 days.
Chinese Embassy Denies Allegations
The Chinese embassy in Washington dismissed the accusations as baseless, calling them a "smear attack." Spokesman Liu Pengyu asserted that tracing cyber incidents to a specific origin is challenging and called for a more "professional and responsible" approach.
"The US needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats," Liu said.
Growing Concerns Over Cybersecurity
The incident marks the latest in a series of high-profile breaches attributed to Chinese hackers. Last December, telecom companies were targeted in an attack that potentially exposed phone records of a significant portion of the American population.
The Treasury Department emphasized its commitment to safeguarding its systems and data against such threats. "We take very seriously all threats against our systems, and the data it holds," a department spokesperson said.
The breach has raised alarms in Washington, with lawmakers expected to scrutinize the department’s cybersecurity protocols in light of this incident. As espionage-related cyberattacks continue to grow in sophistication, the US government is likely to intensify efforts to secure its critical infrastructure.