Treasury Breach Linked To Chinese State-Sponsored Hackers

Chinese hackers infiltrated the U.S. Treasury Department earlier this month, exploiting a third-party cybersecurity vendor to gain access to unclassified documents. Treasury officials have called the breach a “major incident” in a letter to lawmakers obtained by Reuters.

The attackers used a compromised key associated with BeyondTrust’s cloud-based technical support service to bypass security protocols. This allowed them to remotely access workstations used by Treasury Department employees and extract unclassified data.

BeyondTrust alerted the Treasury Department to the breach on December 8. The department is working with CISA and the FBI to evaluate the scope of the incident. “Treasury takes all threats seriously,” the department said, emphasizing its commitment to improving cybersecurity defenses.

Experts have identified the breach as part of a broader trend of Chinese state-sponsored hacking. SentinelOne’s Tom Hegel explained that the attack reflects a known pattern of targeting trusted third-party services to infiltrate sensitive systems.

The Chinese Embassy in Washington has denied responsibility, accusing the U.S. of making baseless allegations. BeyondTrust acknowledged a security breach affecting some clients but has not confirmed a connection to the Treasury attack.

The compromised service has been deactivated, and officials believe the hackers no longer have access. This incident underscores the risks associated with third-party service providers and the increasing sophistication of state-sponsored cyberattacks.