The US Treasury Department disclosed Monday that Chinese state-sponsored hackers gained unauthorized access to several agency workstations and unclassified documents through a third-party software vulnerability.
According to Treasury officials, the breach occurred on December 8 when hackers exploited security flaws in remote technical support software provided by BeyondTrust. The attackers stole an authentication key that allowed them to bypass system defenses and remotely access Treasury computers.
The Treasury Department classified this as a "major cybersecurity incident" and immediately launched an investigation in collaboration with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). While the compromised service has been taken offline, the full scope of accessed information remains under review.
"At this time there is no evidence indicating the threat actor has continued access to Treasury information," stated Aditi Hardikar, Assistant Treasury Secretary, in a letter to the Senate Banking Committee.
The Chinese government strongly denied involvement, with Foreign Ministry spokeswoman Mao Ning calling the accusations "groundless" and lacking evidence. Chinese Embassy spokesman Liu Pengyu dismissed the allegations as an attempt to "smear" China's reputation.
This incident follows recent revelations about an extensive Chinese cyber espionage campaign known as Salt Typhoon that reportedly compromised nine US telecommunications companies. While Treasury officials have not confirmed whether this breach is connected to Salt Typhoon, cybersecurity experts suggest the impact could be more extensive than currently known.
BeyondTrust acknowledged the security incident and said it has notified all affected customers. The Treasury Department is expected to provide additional details in a mandated 30-day supplemental report as the investigation continues.