January 31, 2025

US Treasury hit by major hack, China suspected in cyberattack

A Chinese state-sponsored hacker breached the US Treasury Department’s systems in early December, accessing employee workstations and some unclassified documents. The Treasury Department called the incident a “major cybersecurity breach” and informed lawmakers through a letter. The breach was discovered after a third-party service provider, BeyondTrust, notified the Treasury about suspicious activity.

The hacker bypassed security via a key used by BeyondTrust to provide remote technical support to employees. BeyondTrust was immediately taken offline, and there’s no evidence of continued access. The FBI, along with other agencies, is investigating the breach’s full impact.

Officials suspect the hack was carried out by a China-based Advanced Persistent Threat (APT) actor, often associated with espionage. The intruder had access to several user workstations and unclassified documents, though the exact nature of these documents hasn’t been disclosed. The attack may have been aimed at gathering intelligence rather than stealing funds.

The Chinese embassy in Washington denied the allegations, calling the claim a “smear attack.” They stated that it is difficult to trace the origin of cyberattacks and urged a responsible approach to characterizing such incidents.

The Treasury Department said that it takes the security of its systems seriously and will continue to protect its data from future threats. A detailed report on the breach is expected in 30 days. This breach is part of a broader trend of high-profile hacks attributed to Chinese espionage, including a December attack on US telecom companies.