The U.S. Treasury Department confirmed that a state-sponsored Chinese hacking operation infiltrated its systems in a breach described as a “major incident.” The attackers exploited vulnerabilities in third-party cybersecurity software to access Treasury employees’ workstations, according to a letter obtained by NBC News.
How the Hack Unfolded
- The breach, discovered on December 8, involved BeyondTrust, a third-party service provider used by the Treasury for cloud-based technical support.
- Hackers accessed a critical security key used by BeyondTrust to override protective measures, enabling them to infiltrate departmental office (DO) workstations.
- The attackers gained access to unclassified documents, though the full extent of the breach remains under investigation.
Treasury’s Response
In a letter addressed to Senators Sherrod Brown (D-Ohio) and Tim Scott (R-S.C.), Aditi Hardikar, Treasury’s assistant secretary for management, outlined the department’s immediate actions:
- The compromised BeyondTrust service was taken offline to prevent further access.
- Treasury is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other intelligence agencies, alongside private forensic experts, to assess the breach’s impact.
A Treasury spokesperson reassured the public, stating:
“There is no evidence indicating the threat actor has continued access to Treasury systems or information.”
Link to China
Analysis by U.S. intelligence agencies confirmed the breach originated from a Chinese state-sponsored actor, underscoring persistent cyber threats posed by Beijing.
A Broader Cybersecurity Concern
This breach is the latest in a string of high-profile cyberattacks targeting U.S. government and private-sector systems, raising concerns over vulnerabilities in third-party software providers. The compromise of BeyondTrust’s platform highlights the supply-chain risk that comes with relying on third-party security software.
The Treasury emphasized its ongoing efforts to strengthen defenses:
“Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with private and public sector partners to protect our financial system.”
Next Steps
- A supplemental report detailing the findings of the investigation is expected within 30 days.
- Treasury officials are likely to face increased scrutiny over their reliance on third-party software and their strategies for preventing future breaches.
This incident underscores the urgent need for heightened vigilance and robust cybersecurity protocols to safeguard critical U.S. financial and governmental systems from state-sponsored cyber threats.