Mon. Nov 17th, 2025

China-Backed Hackers Breach US Treasury Systems in ‘Major Incident’

The US Treasury Department has disclosed a significant cybersecurity breach involving a Chinese state-sponsored hacking group that infiltrated Treasury workstations and accessed unclassified documents earlier this month.

In a letter to lawmakers, Aditi Hardikar, Assistant Secretary for Management at the Treasury, detailed the attack, describing it as a “major cybersecurity incident.” The breach was discovered on December 8 when a third-party software provider, BeyondTrust, alerted Treasury officials about unauthorized access using a stolen security key.

The stolen key allowed the threat actor, identified as an Advanced Persistent Threat (APT) group backed by the Chinese government, to bypass the security of a cloud-based service used by the Treasury for technical support. This enabled the hackers to remotely access certain user workstations and retrieve unclassified documents.

A Treasury spokesperson confirmed that the compromised service has since been taken offline. While several workstations were accessed, officials believe there is no evidence the hackers retain ongoing access to Treasury systems or information.

The Treasury has launched a comprehensive investigation with assistance from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, US intelligence agencies, and third-party forensic experts. The breach was immediately classified as a “major cybersecurity incident,” prompting a requirement for detailed updates, including a supplemental report within 30 days.

The extent of the damage caused by the breach remains unclear. However, the Treasury indicated in the letter that efforts are underway to fully assess the impact and secure the affected systems.

BeyondTrust, the third-party software service provider whose stolen key facilitated the breach, has not commented on the incident. The Treasury’s letter explained that the stolen key allowed hackers to override the service’s security protocols, leading to the unauthorized access.

This breach highlights the persistent threat posed by state-sponsored cyberattacks targeting critical US government systems. As investigations continue, officials are working to bolster cybersecurity defenses and prevent similar incidents in the future.

This report underscores the increasing sophistication of cyberattacks and the importance of safeguarding sensitive information in a rapidly evolving digital landscape.
