Chinese Hackers Accused of Breaching US Treasury Systems
The US Treasury Department has reported a significant cybersecurity breach involving Chinese state-sponsored hackers who accessed employee workstations and unclassified documents earlier this month. In a letter to lawmakers, the Treasury described the incident as a "major cybersecurity event" and attributed it to a "China state-sponsored Advanced Persistent Threat (APT) actor."
The hackers exploited a vulnerability in a third-party cybersecurity service provider, BeyondTrust. By compromising a digital key used to secure a remote support service, they were able to override the platform’s security and gain access to Treasury Departmental Offices’ user systems. The breach allowed them to access unclassified documents, though the exact nature of the files remains undisclosed.
BeyondTrust first detected suspicious activity on December 2nd but confirmed the breach three days later. On December 8th, the company alerted the Treasury Department, which then collaborated with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other agencies to investigate the attack's impact. The compromised service has since been taken offline, and officials stated there is no evidence of continued access to Treasury systems.
China has firmly denied the allegations. Mao Ning, a spokesperson for the Chinese Foreign Ministry, labeled the accusations as "baseless" and stated, "China consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes." Similarly, a spokesperson for the Chinese Embassy in Washington dismissed the claims as part of a smear campaign against Beijing.
US officials, however, pointed to a pattern of cyberattacks linked to Chinese APT groups, which are known for targeting third-party services to breach systems. Tom Hegel, a cybersecurity expert from SentinelOne, noted that such tactics have become increasingly prominent in recent years.
The breach comes amid broader tension between the US and China over cybersecurity issues. Earlier this month, Chinese-backed hackers were accused of targeting telecom companies in a separate incident, while two other groups, Volt Typhoon and Salt Typhoon, were linked to critical infrastructure and espionage missions.
The Treasury Department emphasized its commitment to addressing cybersecurity threats and announced plans to release a supplemental report on the breach within 30 days. The agency monitors global financial systems and has previously imposed sanctions on China, adding a layer of geopolitical complexity to the situation.
Despite the denial from Beijing, the incident underscores ongoing cybersecurity vulnerabilities and raises concerns about the risks posed by state-sponsored hacking efforts. Both nations remain at odds, with the US continuing to accuse China of espionage and Beijing rejecting what it describes as unfounded accusations.