Treasury Department Breach Traced To Chinese Hackers

Chinese state-sponsored hackers accessed unclassified documents from the U.S. Treasury Department earlier this month, exploiting a vulnerability in BeyondTrust, a third-party cybersecurity provider. The incident has been described as a “major breach” in communications to lawmakers.

The attackers leveraged a stolen digital key to bypass BeyondTrust’s cloud-based support service, enabling them to remotely access Treasury workstations. The breach exposed unclassified information stored on these systems.

BeyondTrust alerted Treasury officials to the incident on December 8. Federal agencies, including the FBI and CISA, are now involved in assessing the impact and securing affected systems. “Treasury takes all threats to its systems and data seriously,” the department said, emphasizing its efforts to bolster cybersecurity.

Cybersecurity experts have linked the breach to tactics frequently used by Chinese state-sponsored groups. Tom Hegel of SentinelOne highlighted the trend of exploiting third-party vendors as a way to infiltrate high-value targets.

China’s embassy in Washington has denied the allegations, calling them unfounded. BeyondTrust has acknowledged a security incident involving its remote support software and stated that it is working to address the issue.

The affected service has been shut down, and Treasury officials believe the immediate threat has been mitigated. Investigations into the broader implications of the breach are ongoing.