Chinese state-sponsored hackers breached the US Treasury Department earlier this month, accessing employee workstations and unclassified documents. The Treasury announced the breach in a letter to lawmakers, emphasizing its seriousness as a "major incident." They are collaborating with the FBI and cybersecurity agencies to investigate the hack's impact.
China's government has denied the allegations, calling them "baseless" and stating their opposition to all forms of hacking. This incident is part of a broader pattern of security breaches in the US attributed to China, following a significant telecom hack in December.
The breach reportedly involved exploiting security vulnerabilities associated with BeyondTrust, a third-party technical support service used by Treasury employees. This application has been taken offline as forensic investigators assess the situation. Early findings suggest the attack was likely carried out by a "China-based Advanced Persistent Threat (APT) actor," and officials are treating it with utmost seriousness.
The Treasury said they first learned of the hack on December 8, although suspicious activities were initially detected as early as December 2. The nature of the accessed documents or the exact duration of the intrusion remain unspecified, but it appears the goal was espionage rather than financial theft, as the hackers sought sensitive information.
China’s foreign ministry has dismissed the US claims, asserting that the accusations lack evidence and are politically motivated. They have demanded an end to what they describe as a smear campaign against China. Meanwhile, the FBI is working to neutralize ongoing threats from identified Chinese hacker groups, including Volt Typhoon and Salt Typhoon, which have been linked to previous cyber espionage activities. The US is yet to provide concrete evidence linking China to this recent breach.
