Senior U.S. Treasury officials revealed that Chinese-sponsored hackers breached the U.S. Treasury Department’s computer security and stole documents in early December.
In a letter to legislators, Treasury officials told Reuters on Monday that the cyber intrusion was a “major incident.”
The hackers breached third-party cybersecurity service provider BeyondTrust and gained access to non-confidential documents, the letter stated.
According to the letter, the hackers “gained access to keys used by the vendor to secure a cloud-based service used to provide remote technical support to Department of the Treasury (DO) end users. By stealing the keys, the threat actor was able to override the security of the service, gain remote access to certain Treasury Department DO user workstations, and access certain non-confidential files maintained by those users.”
The U.S. Treasury Department said it received an intrusion alert from BeyondTrust on December 8 and was working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the impact of the hack.
Treasury officials did not immediately respond to an email seeking more details about the hack. The FBI did not immediately respond to Reuters' request for comment, while CISA referred questions back to the Treasury Department.
A spokesman for the Chinese Embassy in Washington denied any responsibility for the hack and said Beijing “firmly opposes the U.S.'s smear attacks against China without any factual basis.”
A spokesperson for Johns Creek, Georgia-based BeyondTrust told Reuters in an email that the company “previously identified and took steps to resolve a security incident involving its remote support products in early December 2024.”
The spokesperson said BeyondTrust “notified a limited number of customers involved” and notified law enforcement. “BeyondTrust has been supporting the investigation.”
The spokesperson pointed to a statement issued by the company on December 8, which shared some details of the investigation, including that digital keys were compromised in the incident, and that the investigation is ongoing. The statement was last updated on December 18.
Tom Hegel, a threat researcher at cybersecurity firm SentinelOne, said the reported security incidents “are consistent with a well-documented operating pattern by groups with ties to China, with a particular focus on the abuse of trusted third-party services. This approach has become more and more prominent in recent years,” he said, using the abbreviation of the People's Republic of China.
- Reuters, with additional editing by Jim Pollard