The US Treasury Department revealed Monday that Chinese state-sponsored hackers successfully breached several workstations and stole unclassified documents in what officials are calling a "major cybersecurity incident."
The breach occurred through a third-party software provider, BeyondTrust, when hackers obtained a security key used for providing remote technical support to Treasury employees. This compromised key allowed the attackers to bypass security measures and gain unauthorized access to multiple workstations.
Treasury officials discovered the intrusion on December 8 after being alerted by BeyondTrust. The compromised remote access service has since been taken offline. While the exact number of affected workstations and the nature of stolen documents remain undisclosed, the Treasury Department stated there is no evidence suggesting ongoing unauthorized access to their systems.
The FBI and the Cybersecurity and Infrastructure Security Agency are investigating the incident's impact. This breach follows a broader Chinese cyberespionage campaign known as Salt Typhoon, which recently compromised nine US telecommunications companies and exposed private communications of numerous Americans.
China's Foreign Ministry spokesperson Mao Ning rejected the allegations, stating that China "consistently opposes all forms of hacking" and denounced the accusations as groundless and politically motivated.
The Treasury Department emphasized its commitment to strengthening cybersecurity measures, noting increased cyber defense investments over the past four years. The agency continues to work with public and private sector partners to protect the US financial system from cyber threats.
Assistant Secretary Aditi Hardikar has briefed Senate Banking Committee leaders on the situation, and a detailed supplemental report is expected within 30 days.