Chinese state-sponsored hackers breached the US Treasury Department, accessing unclassified documents and employee workstations earlier this month. The Treasury labeled the breach a “major incident” and notified lawmakers through a formal letter. The US agency is working with the FBI and cybersecurity experts to assess the impact.
Hack Details and Investigation
The hackers exploited a security key from BeyondTrust, a third-party remote support service. BeyondTrust detected suspicious activity on December 2 but confirmed the breach three days later. The compromised service was promptly taken offline. Officials confirmed that the hackers remotely accessed workstations, but found no sign that the access has continued since the breach.
Preliminary investigations identified the attackers as a “China-based Advanced Persistent Threat (APT) actor.” The department emphasized that such breaches are classified as major cybersecurity incidents under its policies. The attackers appear to have sought information rather than financial gain.
China’s Response and US Reaction
China denied involvement, dismissing the allegations as “baseless” and accusing the US of spreading disinformation. A Chinese embassy spokesperson in Washington criticized the accusations, calling them politically motivated smear campaigns.
The Treasury pledged to strengthen its cybersecurity measures and will provide a detailed report to lawmakers within 30 days. This incident follows another December breach involving US telecoms data, underscoring growing concerns about Chinese espionage efforts.