The US Treasury Department reported a significant cyber breach involving a Chinese state-sponsored actor that infiltrated several Treasury workstations and accessed unclassified documents, the department disclosed to US lawmakers on Monday, according to CNN. The attack is being described as a “major cybersecurity incident.”
Treasury officials were alerted by a third-party software provider, BeyondTrust, on December 8 that there had been a breach in which hackers reportedly used a stolen key to bypass security measures and gain remote access to specific Treasury systems.
Aditi Hardikar, assistant secretary for management at the Treasury, attributed the attack to an Advanced Persistent Threat (APT) group linked to the Chinese government.
In response, the Treasury took the compromised services offline and is collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and third-party investigators to assess the impact. “There is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury spokesperson stated.
BeyondTrust, the third-party vendor, revealed that the breach had stemmed from its Remote Support product. Hackers had exploited a stolen key associated with the service, enabling unauthorized access to Treasury user workstations. BeyondTrust notified affected customers on December 5 after detecting anomalous activity and suspended the impacted systems.
The company gave assurances that no other BeyondTrust products had been compromised and stated it had engaged an external cybersecurity team to investigate. Law enforcement has also been called in.
China’s Foreign Ministry dismissed the allegations, calling them baseless and politically motivated. “China opposes all forms of cyberattacks and spreading false information about China for political purposes,” said Mao Ning, the ministry’s spokesperson.
The Treasury plans to provide a classified briefing to the House Financial Services Committee on the breach. Treasury officials are also required to submit a supplemental report within 30 days detailing the incident’s scope and impact.
Efforts to fully understand the breach’s consequences are ongoing, with CISA, the FBI, and intelligence agencies actively involved. Hardikar said that the incident underscores the importance of robust cybersecurity measures to counter persistent threats.
While the exact extent of the damage remains unclear, the breach highlights vulnerabilities in integrating third-party service providers into sensitive government systems and the increasing sophistication of state-sponsored cyberattacks.
Thursday, January 23, 2025