WASHINGTON (AP) — The U.S. Treasury Department disclosed on Monday that Chinese hackers gained unauthorized access to several of its workstations and unclassified documents by exploiting a vulnerability in a third-party software service provider. The agency did not specify the exact number of workstations breached or the nature of the compromised documents. However, a communication sent to lawmakers stated that, as of now, there is no evidence to suggest that the hackers retain ongoing access to Treasury information. The incident is under investigation as a significant cybersecurity breach.
In response to the breach, a Treasury Department spokesperson emphasized the seriousness with which the agency regards threats to its systems and the sensitive data they contain. The spokesperson highlighted the department’s concerted efforts over the past four years to enhance its cyber defenses and underscored its commitment to collaborating with both public and private sector entities to safeguard the financial system against malicious actors.
Meanwhile, in Beijing, a spokesperson for China’s Foreign Ministry issued a standard denial in response to the hacking allegations, reiterating the country’s stance against baseless accusations lacking substantiating evidence. The spokesperson emphasized China’s strong opposition to all forms of hacking and disinformation aimed at maligning the country for political motives.
This breach occurs in the context of ongoing concerns over a large-scale Chinese cyberespionage operation known as Salt Typhoon, which granted Chinese authorities access to private communications of numerous Americans. Recent reports indicate that the number of telecommunications companies affected by the cyberattack has risen to nine, according to a senior White House official.
The Treasury Department first became aware of the breach on December 8 when BeyondTrust, a third-party software service provider, alerted the agency that hackers had compromised a crucial key used to secure a cloud-based service utilized for remote technical support. This security compromise enabled the hackers to override the service’s protections and gain remote access to multiple employee workstations. Following the discovery, the compromised service was immediately disabled, and investigations confirmed that the hackers no longer have access to departmental information.
Aditi Hardikar, an assistant Treasury secretary, communicated these developments in a letter to the leaders of the Senate Banking Committee on Monday. The Treasury Department is collaborating with the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency, and other relevant entities to assess the impact of the breach. The department attributed the cyberattack to state-sponsored actors from China but did not provide further specifics.
The investigation continues as the Treasury Department, in conjunction with law enforcement and cybersecurity agencies, works to mitigate the consequences of the breach and strengthen its defenses against future threats.
