The US Treasury Department has revealed that its systems were compromised earlier this month by state-sponsored actors from China, who reportedly accessed employee workstations and some unclassified documents. The breach, categorized as a "major incident," was communicated to lawmakers in a formal letter. The department is currently collaborating with the FBI and other agencies to investigate the extent of the damage.
Chinese officials have rejected these claims, dismissing them as "baseless," and asserted that they consistently oppose all forms of hacking activity. This incident adds to a troubling pattern of high-profile security breaches in the US attributed to Chinese hackers, including a significant breach of telecom companies last December that laid bare sensitive phone records.
According to the Treasury's letter, the hacking incident involved China-based actors who bypassed security measures through a third-party service provider utilized by the department. This service, known as BeyondTrust, offers technical remote support to employees, and has been taken offline since the breach was discovered. Initial assessments suggest that the attackers were associated with an "Advanced Persistent Threat (APT)," which the Treasury identifies as a major cybersecurity concern.
The breach began on December 2, when BeyondTrust detected unusual activity, but the company took three days to confirm the hack. During that window, the hackers may have gained the ability to create new accounts or alter passwords. While the Treasury has not disclosed what specific documents were accessed or their sensitivity levels, the hackers appear to have been conducting espionage rather than financial theft.
A follow-up report on the incident is set to be released to lawmakers within 30 days. China's Foreign Ministry spokesperson Mao Ning firmly denied the allegations, labeling them unfounded accusations without supporting evidence.
Previously, two groups of alleged Chinese government hackers, Volt Typhoon and Salt Typhoon, were identified. The former is accused of targeting critical infrastructure while the latter is suspected in espionage activities, including the recent telecoms hack. The US has yet to provide concrete evidence regarding the latest claims against China, igniting debates about cybersecurity and international relations as both nations navigate allegations of cyber espionage.