Chinese state-sponsored hackers infiltrated the computer security systems of the U.S. Treasury Department this month, resulting in the theft of documents in what the Treasury has classified as a “major incident.” A letter to lawmakers revealed that the hackers compromised the cybersecurity service provider BeyondTrust, gaining access to unclassified documents.
The letter detailed that the hackers “obtained a key used by the vendor to secure a cloud-based service that provides remote technical support for Treasury Departmental Offices (DO) end users. With this stolen key, the threat actor was able to bypass the service’s security measures, remotely access specific Treasury DO user workstations, and retrieve certain unclassified documents held by those users.”
The incident has been linked to a state-sponsored Advanced Persistent Threat (APT) actor from China, according to the letter. The Treasury Department was notified of the breach by BeyondTrust on December 8 and is currently collaborating with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the breach’s ramifications.
In response, Mao Ning, a spokesperson for China’s foreign ministry, stated during a regular news briefing that “China has always opposed all forms of hacker attacks.” Additionally, a representative from the Chinese Embassy in Washington denied any involvement in the breach, asserting that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”
