The U.S. Treasury Department has reported a significant breach of its systems by a Chinese state-sponsored hacker, who accessed employee workstations and some unclassified documents. The intrusion occurred in early December, with the announcement made public through a letter to lawmakers on Monday.
Officials characterized the breach as a “major incident” and revealed that they are collaborating with the FBI and other agencies to investigate the repercussions. In response to the allegations, a spokesperson for the Chinese embassy in Washington, D.C., dismissed the claims as a “smear attack” lacking factual foundation.
The Treasury Department’s letter indicated that the hacker bypassed security using a key obtained from a third-party service provider, BeyondTrust, which offers remote technical support to Treasury employees. Following the breach, the BeyondTrust service has been taken offline, and authorities stated there is no evidence suggesting ongoing access to Treasury information since the incident.
Working alongside the FBI and the Cybersecurity and Infrastructure Security Agency, the Treasury Department is assessing the overall impact of the breach. Evidence gathered thus far points to the attack being orchestrated by a China-based Advanced Persistent Threat (APT) actor.
According to the department, intrusions attributed to an APT qualify as significant cybersecurity incidents. BeyondTrust initially alerted the Treasury to the hack on December 8, with suspicious activity first detected on December 2. However, it took the company three days to confirm the breach.
While the specifics of the compromised files have not been disclosed, it is known that the hacker could remotely access certain unclassified documents held by the compromised user accounts. The Treasury Department has not clarified the sensitivity of the systems involved, making it difficult to assess the true value of the breach, as access to 100 low-level workers might yield less sensitive information than access to a handful of higher-ranking officials.
The hackers are believed to have been seeking information rather than attempting to steal funds, and there are concerns that they may have created accounts or altered passwords during the monitoring period.
In the wake of the breach, the Treasury Department reiterated its commitment to safeguarding its systems and data against external threats, stating that a supplemental report will be delivered to lawmakers within 30 days.
In response, Chinese embassy spokesman Liu Pengyu urged caution in attributing cyber incidents, emphasizing the difficulty in tracing their origins. He called on relevant parties to handle characterizations responsibly, criticizing what he termed unfounded speculation regarding alleged Chinese hacking threats.
This incident adds to a growing list of significant cyber breaches in the U.S. attributed to Chinese espionage hackers, including a recent hack of telecommunications companies that potentially compromised phone records for large segments of American society.
Credit: BBC News