US Treasury Department Hacked by Chinese State-Sponsored Actors

Chinese state-sponsored hackers infiltrated the US Treasury Department earlier this month, accessing employee workstations and unclassified documents. This breach has been labeled a major incident by the Treasury, which alerted lawmakers about the situation.

Key Details:

• Date of Awareness: The Treasury was informed of the hack on December 8 by the third-party service provider, BeyondTrust.
• Method of Attack: Hackers exploited a key through BeyondTrust, a remote technical support application used by the Treasury's employees.
• Scope of Breach: The hackers gained access to multiple user workstations and unclassified documents but the specific nature of the accessed files has not been disclosed.
• Duration and Nature of Attack: Initial investigations indicate the breach occurred over several days, with concerns that hackers could change passwords or create new accounts during this time.

Response from Authorities:

• The Treasury Department is collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency, and forensic investigators to assess the breach's impact.
• A detailed report will be provided to lawmakers within 30 days.

Chinese Denial:

China has categorically denied any involvement, describing the allegations as baseless and part of a smear campaign against the country. A spokesperson emphasized that China opposes all forms of hacking and dismissed the claims as politically motivated.

Context of Recent Cybersecurity Issues:

This incident is part of a broader pattern of cybersecurity breaches attributed to Chinese hacking groups targeting various sectors, including critical infrastructure and governmental organizations. The US has not yet provided concrete evidence linking the Chinese government to this specific hack.