A Chinese state-sponsored hacking group infiltrated the US Treasury Department’s systems, accessing unclassified documents and employee workstations. The breach occurred earlier this month and was labeled a “major incident” by the Treasury, which informed lawmakers in a formal letter.
Officials said the hackers bypassed security measures using a key from a third-party service provider. The compromised provider, BeyondTrust, offers remote technical support and has since been taken offline. Investigators, including the FBI and the Cybersecurity and Infrastructure Security Agency, are assessing the hack’s impact.
Details of the Breach
BeyondTrust first detected suspicious activity on December 2 but confirmed the hack three days later. The Treasury was notified on December 8. Hackers gained remote access to workstations and some unclassified documents but did not appear to access classified systems or attempt financial theft. Officials suspect the attack was conducted by a China-based Advanced Persistent Threat (APT) group aiming to gather intelligence.
The Treasury letter acknowledged that during the three-day window between BeyondTrust's first detection of suspicious activity and its confirmation of the hack, hackers could have created accounts or changed passwords. It also confirmed that a supplemental report would be sent to lawmakers within 30 days.
China’s Response and Broader Implications
China denied the allegations, calling them baseless and politically motivated. Foreign Ministry spokeswoman Mao Ning reiterated that China opposes all forms of hacking. The Chinese embassy in Washington labeled the claims a smear campaign.
This breach adds to a series of high-profile hacks attributed to Chinese espionage groups, including a December attack on telecom companies, which may have exposed phone record data. The Treasury affirmed its commitment to protecting its systems and investigating the intrusion thoroughly.