US treasury links cyberattack to China-linked APT, partners with CISA & FBI for investigation
Chinese hackers stole documents in ‘major incident’: US Treasury

Chinese hackers have breached the U.S. Treasury Department’s cybersecurity defenses, stealing documents in what has been described as a “major incident,” according to a letter from Treasury officials to lawmakers.
The attack, which occurred earlier this month, involved hackers compromising a third-party cybersecurity service provider, BeyondTrust. Using this access, the hackers were able to gain entry to unclassified documents stored within the Treasury Department’s systems.
According to the letter, the hackers obtained a digital key that BeyondTrust used to secure a cloud-based service providing remote technical support to Treasury’s departmental offices. With the stolen key, the hackers bypassed the service’s security controls, remotely accessed Treasury workstations and retrieved sensitive data.
The incident has been attributed to a China-linked Advanced Persistent Threat (APT) actor, according to Treasury’s statement. The department was alerted to the breach by BeyondTrust on December 8 and is currently working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the breach’s full impact.
A spokesperson for the Chinese Embassy in Washington has denied any involvement in the attack, rejecting accusations of state-sponsored hacking and calling the allegations baseless. Meanwhile, BeyondTrust, based in Johns Creek, Georgia, confirmed that it had detected the security incident in early December and had notified the affected clients, including the Treasury. The company is cooperating with law enforcement and supporting ongoing investigations.
Cybersecurity experts have noted that this incident follows a known pattern of tactics employed by Chinese-linked hacking groups, particularly the use of compromised third-party services to gain unauthorized access to sensitive data.
The breach underscores ongoing concerns about cyber threats from foreign state actors targeting U.S. government and private-sector networks.