US Treasury Hit By Chinese State-Sponsored Hackers

Hackers linked to the Chinese government breached U.S. Treasury Department systems earlier this month, stealing unclassified documents in an attack described as a “major incident.” Treasury officials disclosed the breach in a letter to lawmakers, attributing the infiltration to a compromise of BeyondTrust, a third-party cybersecurity service provider.

The attackers gained unauthorized access by exploiting a key used by BeyondTrust to secure a cloud-based technical support platform. With this key, the hackers bypassed security measures, accessed Treasury Department workstations, and retrieved unclassified documents.

BeyondTrust informed the Treasury Department of the breach on December 8. Since then, Treasury has worked with CISA and the FBI to evaluate the damage and implement additional cybersecurity measures. “Treasury takes these threats seriously,” the department said in its statement, emphasizing ongoing efforts to strengthen defenses.

Cybersecurity experts have noted that the breach aligns with established tactics of Chinese state-sponsored hacking groups. These groups often exploit third-party services to infiltrate high-value targets. SentinelOne’s Tom Hegel commented, “This incident fits a well-documented pattern of operations by PRC-linked groups.”

The Chinese Embassy in Washington has rejected the allegations, accusing the U.S. of making unfounded claims. BeyondTrust, based in Georgia, has acknowledged a recent security breach involving a limited number of clients, though it has not directly tied its incident to the Treasury attack.

The compromised service has been taken offline, and officials believe the hackers no longer have access to additional department information. The breach underscores the growing risks posed by state-sponsored cyberattacks on federal agencies.