Officials have linked a China state-sponsored hacking group to a major cybersecurity breach involving the U.S. Treasury Department. The attack, which Treasury officials described as a “major incident,” targeted Treasury workstations through a third-party software provider. CNN reported that a letter to lawmakers outlined the details.
The breach was initially identified on December 8th, when BeyondTrust, a cybersecurity service provider used by the Treasury, alerted the department to unauthorized access by a threat. Hackers reportedly exploited a stolen key to circumvent security measures and access several workstations as well as unclassified documents.
In the letter, Assistant Secretary for Management Aditi Hardikar attributed the incident to a Chinese state-sponsored Advanced Persistent Threat (APT) actor. Officials have since taken the compromised service offline and emphasized that there is no evidence the hackers maintain ongoing access to Treasury systems or data.
Hardikar noted that CISA was informed as soon as the Treasury became aware of the attack, with other governing bodies being contacted once the scope of the attack was clear. Investigations are ongoing, with the FBI, Cybersecurity and Infrastructure Security Agency (CISA), U.S. intelligence agencies, and third-party forensic experts all involved.
After confirming “anomalous behavior” in its system on December 5, BeyondTrust, the company behind the compromised Remote Support product, disclosed the incident on December 8. The company stated it has quarantined the affected service and enlisted external cybersecurity experts to assess and prevent future breaches. “No other BeyondTrust products were involved,” a spokesperson said.
The exact scale of the breach remains unclear, although a Treasury spokesperson noted that “several” user workstations were accessed. Treasury’s policy requires that such incidents attributed to advanced threat actors be classified as “major cybersecurity incidents.” The department plans to provide a supplemental report to Congress within 30 days to detail the incident’s impact.
This breach adds to growing concerns over China’s role in global cyberattacks, where experts have noted the increasing sophistication and reach of their hacking operations, including recent intrusions into telecommunications companies targeting high-profile individuals. While it is uncertain whether this breach is connected to other recent attacks, the incident underscores the urgent need for robust cybersecurity measures to protect U.S. government systems.
The House Financial Services Committee has scheduled a classified briefing for lawmakers next week, but they have not yet announced the exact date. The breach highlights vulnerabilities in third-party software services, emphasizing the critical importance of securing supply chains and maintaining vigilant oversight in the digital age.
