The US Treasury Department in a letter to lawmakers that Treasury officials gave to Reuters,stated that on Monday, a group of state-sponsored hackers from China had broken through the department’s computer security measures this month and taken documents. The Treasury referred to it as a “major incident.”
Hackers managed to get their hands on a key that protected the bank’s cloud-based technical assistance service. Hackers bypassed local security measures, gained remote access to user computers, and obtained certain unclassified papers in this crucial theft.
A report from BeyondTrust, a third-party software service provider, revealed the intrusion on December 8. BeyondTrust “previously identified and took measures to address a security incident in early December 2024 affecting its remote assistance product, a representative for the Johns Creek, Georgia-based company told Reuters in an email.
According to the representative, BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was also informed. “The investigative efforts have been supported by BeyondTrust.”
Aditi Hardikar, Assistant Secretary for Management at the US Treasury said, “The incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor.”
An email asking for additional information regarding the hack was not immediately answered by Treasury authorities. CISA forwarded inquiries back to the Treasury Department, and the FBI did not immediately reply to Reuters’ requests for comment.
The hack was denied by a Chinese Embassy official in Washington, who stated that Beijing “firmly opposes the US’s smear attacks against China without any factual basis.”
