Recently, the U.S. Treasury Department revealed that Chinese hackers gained unauthorized access to several of its workstations and unclassified documents. The breach occurred after the hackers compromised a third-party software service provider. While the exact number of workstations accessed and the nature of the documents obtained were not disclosed, the department assured lawmakers that there is currently no evidence suggesting the hackers still have access to Treasury information.
The Treasury Department emphasized the seriousness with which it views threats to its systems and data. In response to the breach, the department spokesperson highlighted the significant efforts made over the past four years to enhance cybersecurity defenses. The department pledged to collaborate with both private and public sector partners to safeguard the financial system from such threat actors.
China, in response to the hacking allegations, reiterated its stance against hacking and the dissemination of false information for political purposes. The incident comes amidst ongoing concerns over a large-scale Chinese cyberespionage campaign known as Salt Typhoon, which granted Chinese officials access to private communications of Americans.
The breach was discovered on December 8 when the third-party software service provider, BeyondTrust, alerted the Treasury Department that a key used to secure a cloud-based service had been stolen by hackers. This key enabled the hackers to bypass the service's security measures and gain remote access to employee workstations. The compromised service has since been taken offline to prevent further unauthorized access.
The Treasury Department is collaborating with law enforcement agencies and cybersecurity experts to investigate the impact of the breach. While attributing the hack to Chinese state-sponsored actors, the department did not provide further details on the investigation.
