America has claimed that a Chinese state-sponsored hacker breached the US Treasury Department’s computer systems earlier this month, accessing employee workstations and stealing some unclassified documents.
The US Treasury Department characterised the breach as a “major incident”, stating that it had been working with the FBI and other agencies to investigate the impact.
When & how China hacked US Treasury Department systems
In a letter notifying lawmakers of the incident, the US Treasury Department said that the breach occurred in early December through a third-party cybersecurity provider, BeyondTrust, and that the hackers were able to access unclassified documents.
What data was accessed
In the letter, the US Treasury Department claimed that hackers “gained” access to a key used by BeyondTrust to “secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” it further stated.
The Treasury Department further said that it was alerted by Georgia-based BeyondTrust about the breach on December 8.
According to a BBC report, the company first spotted the suspicious activity on December 2, but it took three days for it to determine that it had been hacked.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” assistant secretary for management at the US Treasury, Aditi Hardikar, wrote in the letter.
Meanwhile, a spokesperson of the Treasury Department said that the hacker was able to remotely access several Treasury user workstations and certain unclassified documents that were kept by those users.
The spokesperson added, “The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information.”
It also said that there is no evidence to suggest the hacker has continued to access Treasury Department information since.
However, the department did not specify when and for how long the hack took place, or the nature of the files that were accessed or stolen. It also did not specify the level of confidentiality of the computer systems.
A report by Reuters said a spokesperson for BeyondTrust, based in Johns Creek, Georgia, told the agency that the company “previously identified and took measures to address a security incident in early December 2024” involving its remote support product.
BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was notified, the spokesperson said. “BeyondTrust has been supporting the investigative efforts.”
Accusation part of US’ ‘smear attack’
China, meanwhile, rejected any responsibility for the hack and said that the accusation is a part of a “smear attack” and was made “without any factual basis.”
Beijing “firmly opposes the US’s smear attacks against China without any factual basis,” a spokesperson for the Chinese Embassy in Washington said.
With inputs from agencies.