The U.S. Department of Treasury has confirmed that its systems were targeted by a cyberattack carried out by a state-sponsored hacking group linked to China. This attack is being described as a “significant cybersecurity incident.”
The attack took place earlier this month, targeting employee workstations and unclassified documents. The Treasury Department provided lawmakers with details of the attack in a letter, highlighting the severity of the situation and the ongoing investigation.
According to the department, the attack was carried out by an “advanced persistent threat (APT) actor” associated with China, who exploited a key provided by a third-party service provider, BeyondTrust, which had been assisting Treasury employees with technical support. This service has now been taken offline, and authorities report no evidence of further unauthorized access.
The breach came to light on December 8, when BeyondTrust first reported suspicious activity. The company had detected the suspicious behavior on December 2 but took three days to confirm the attack, potentially giving hackers time to create accounts or alter passwords.
Officials stated that the intent of the attackers appeared to be information gathering rather than financial theft. The Treasury Department has initiated an investigation with the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and third-party forensic experts.
Chinese Embassy Response
The Chinese Embassy dismissed the allegations as baseless and called them a “blame attack.” Diplomat Liu Pengyu stated that tracing cyberattacks to specific locations is difficult and condemned the allegations of hacking by China.
Growing Concerns Over Cybersecurity
This incident is another example of attacks by Chinese hackers. Last December, telecom companies were targeted in an attack that potentially exposed phone records of a large portion of the U.S. public.
The Treasury Department has reinforced its commitment to protecting its systems and data from such attacks. Officials emphasized that they take the security of their systems very seriously.
The attack has raised concerns in Washington, with lawmakers expected to review the department’s cybersecurity protocols in the wake of the incident. As cyberattacks for espionage purposes become more sophisticated, the U.S. government is likely to take further steps to secure its critical infrastructure.