Chinese hackers infiltrated the U.S. Treasury Department earlier this month, exploiting a third-party cybersecurity vendor to gain access to unclassified documents. Treasury officials have called the breach a “major incident” in a letter to lawmakers obtained by Reuters.
The attackers used a compromised key associated with BeyondTrust’s cloud-based technical support service to bypass security protocols. This allowed them to remotely access workstations used by Treasury Department employees and extract unclassified data.
Shocking claims of US Treasury hack by China raise more questions than answers, especially given the suspicious timing. pic.twitter.com/QpOt2NCPCC
— Truthful Voice (@webheraldnet) December 30, 2024
BeyondTrust alerted the Treasury Department to the breach on December 8. The department is working with CISA and the FBI to evaluate the scope of the incident. “Treasury takes all threats seriously,” the department said, emphasizing its commitment to improving cybersecurity defenses.
SHOCKING: 🇨🇳 China Allegedly Hacks US Treasury in Massive Cyberattack – FBI Launches Urgent Probe
What do you think this means for US-China relations? 🤯 pic.twitter.com/5EKpOjhdGI
— Nyke Nakamoto (@Nyke_Nakamoto) December 30, 2024
Experts have identified the breach as part of a broader trend of Chinese state-sponsored hacking. SentinelOne’s Tom Hegel explained that the attack reflects a known pattern of targeting trusted third-party services to infiltrate sensitive systems.
BREAKING: China hacked the U.S. Treasury Department, gaining access to workstations and documents – NYT
I bet their login credentials were extremely secure…like “guest” or “password1.” pic.twitter.com/KkGoUJr5Kj
— Chad Prather (@WatchChad) December 30, 2024
The Chinese Embassy in Washington has denied responsibility, accusing the U.S. of baseless allegations. BeyondTrust acknowledged a security breach affecting some clients but has not confirmed a connection to the Treasury attack.
BREAKING: CHINA HACKS THE US TREASURY DEPARTMENT
THE TIME TO DITCH THE DOLLAR IS NIGH pic.twitter.com/q3DVC2uRvp
— Aaron Day (@AaronRDay) December 30, 2024
The compromised service has been deactivated, and officials believe the hackers no longer have access. This incident underscores the risks associated with third-party service providers and the increasing sophistication of state-sponsored cyberattacks.
“⚡️ US Treasury claims China hacked ‘some of its workstations.’
Apparently the Chinese hackers found ‘Top 5 ways to raise the National Debt’ in a locked folder.”
– @RT_com pic.twitter.com/RJpOqK4d7X
— George Weah MDAV∆♛🍷🇳🇬 (@marinelo_dav) December 30, 2024
China hacks US Treasury only to find it empty
with an IOU for $199 Trillion Dollars from Ukraine
and the Bidens. pic.twitter.com/7hnxrxDpWT— Azore Lure (@AzoreLure) December 30, 2024