Chinese Hackers Exploit Software Vulnerability to Breach U.S. Treasury Systems, Accessing Workstations and Sensitive Documents in a Major Cybersecurity Incident
The U.S. Treasury Department has confirmed that a Chinese state-sponsored hacking group breached its systems, in what officials describe as a “major incident.” The hackers reportedly gained unauthorized access to government workstations and unclassified documents by using a key stolen from a third-party software vendor to bypass the security controls of that vendor's remote-support service.
How the Breach Happened
According to a letter reviewed by CNN, the Treasury first learned of the breach on December 8, when BeyondTrust, the third-party software provider, informed the department of suspicious activity. The hackers used the stolen key to override the service's security controls, giving them remote access to workstations and to unclassified documents maintained by Treasury staff.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,”
wrote Aditi Hardikar, Assistant Secretary for Management at the Treasury, in a letter to lawmakers.
BeyondTrust, whose software the Treasury uses for remote technical support, said it identified the security issue on December 2 and confirmed anomalous behavior on December 5, three days before it notified the Treasury. The company has since quarantined the affected systems, hired external cybersecurity experts, and notified law enforcement.
China Denies Allegations
Responding to the accusations, China’s Foreign Ministry spokesperson Mao Ning called the claims “groundless” and said,
“China has always opposed all forms of cyberattacks and opposes spreading false information for political purposes.”
No Evidence of Ongoing Threat
Treasury officials said the compromised service has been taken offline and that there is no evidence of continued access by the hackers, although the full extent of the breach is still being assessed. The department is working with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and U.S. intelligence agencies on that assessment.
A Treasury spokesperson said,
“There is no evidence indicating the threat actor has continued access to Treasury systems or information.”
Next Steps
Lawmakers have been briefed, and a classified meeting with the House Financial Services Committee is planned for next week. Treasury is required to provide a detailed supplemental report within 30 days.
BeyondTrust has stated that no other products were impacted by the breach, and it continues to investigate the root cause to prevent future threats.
Impact Unclear
While the exact number of compromised workstations has not been disclosed, the breach has raised significant concerns about how exposed critical U.S. government systems are to compromise through the third-party vendors that support them.
A Call to Action
Hardikar emphasized the severity of the incident, stating that intrusions by APT actors are automatically classified as major cybersecurity incidents under Treasury policy. The department continues its efforts to understand the full scope of the attack and implement additional safeguards.