“A Major Incident”: Chinese Hacker Allegedly Hacked the US Treasury

A Chinese state-sponsored hacker breached the cybersecurity of the US Treasury Department's systems earlier this month and accessed some unclassified documents, an official letter from US lawmakers confirmed, labeling the breach “a major incident.”

A Major Security Breach

The letter, reviewed by multiple media outlets (including Finance Magnates), detailed that the hacker gained access to US Treasury employee workstations. However, the goal was not to steal funds but to access documents.

The incident came to light as BeyondTrust, a third-party cybersecurity provider, confirmed that the hacker compromised their systems to penetrate the Treasury Department’s computers.

“A threat actor gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” the letter to the lawmakers from the US Treasury Department stated.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the letter further explained.

BeyondTrust first spotted the suspicious activity on December 2 but took three days to confirm any security breach. The company informed the Treasury Department about the attack on December 8.

Since the attack, the compromised BeyondTrust service has been taken offline. The letter also highlighted no evidence that the hacker still has access to the Treasury network.

The Treasury Department will provide another supplemental report on the incident to US lawmakers in the next 30 days.

China Denies the Allegations

Despite the US’ bold letter, a spokesperson for the Chinese embassy in Washington, D.C., spoke to the BBC, denying the allegation of the state’s involvement and calling it a “smear attack” made “without any factual basis,” highlighting that it can be difficult to trace hackers' origin.

“We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” the spokesperson stated.

“The US needs to stop using cybersecurity to smear and slander China and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,” the statement continued.