Cyberattacks – China-Linked Hackers Breach US Treasury Systems in ‘Major Cybersecurity Incident’
The U.S. Treasury Department has disclosed a significant breach of its systems by a China-backed hacking group, marking what officials are calling a “major incident.” The breach, first identified by a third-party software provider on December 8, involved the use of a stolen key to access Treasury workstations and unclassified documents.
In a letter to lawmakers, Aditi Hardikar, the Treasury’s assistant secretary for management, attributed the intrusion to a Chinese state-sponsored Advanced Persistent Threat (APT) actor.
The breach was traced to BeyondTrust, a third-party software provider, which reported the misuse of a security key tied to its Remote Support product. The stolen key allowed hackers to override security measures, granting remote access to certain Treasury Department workstations and unclassified user documents.
BeyondTrust confirmed that anomalous behavior was detected in the product on December 2, with affected customers notified by December 5. Following the discovery, the company suspended and quarantined impacted systems, engaged an external cybersecurity team, and began cooperating with law enforcement.
The Treasury has since taken the compromised service offline and is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, U.S. intelligence agencies, and forensic investigators to assess the scope and impact of the breach.
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury spokesperson stated.
A classified briefing for staffers from the House Financial Services Committee is planned for next week, though the exact timing remains undetermined. Treasury officials have also committed to providing an updated report on the breach within 30 days, as required for incidents involving advanced persistent threat actors.
In its public updates, BeyondTrust emphasized that the incident was limited to its Remote Support product, with no other systems impacted. The company has been actively investigating the breach and implementing measures to prevent future attacks.
The full extent of the damage remains unclear, but Treasury policy treats such intrusions by advanced threat actors as significant cybersecurity events. “CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” Hardikar wrote in the letter.
As the investigation unfolds, this incident highlights the persistent vulnerabilities in federal systems and the growing sophistication of state-sponsored cyberattacks.