U.S. Treasury Department Targeted in Cyberattack by China-Backed Group

The U.S. Treasury Department has confirmed a significant cybersecurity breach, revealing that a hacking group with ties to China accessed government workstations and unclassified documents. The intrusion, which bypassed certain security protocols, prompted an immediate response from federal agencies.

The breach was initially detected on December 8th, when third-party software provider BeyondTrust notified the Treasury that a security key had been compromised, as first reported by The Washington Post. This compromised key allowed the hackers to circumvent standard security measures and access systems remotely.

Upon discovery, the Treasury Department classified the incident as "major," in line with its protocol for nation-state cyberattacks. The agency promptly alerted the Cybersecurity and Infrastructure Security Agency (CISA) and took the affected BeyondTrust service offline. A spokesperson said the Treasury is working with public and private partners to assess the extent of the breach.

While the exact number of affected workstations and the nature of the accessed documents remain undisclosed, officials have stated that there is currently no evidence of ongoing access to Treasury information. The department has emphasized its commitment to bolstering cyber defenses, citing significant enhancements made over the past four years.

Assistant Treasury Secretary Aditi Hardikar, in a letter to lawmakers, attributed the attack to a Chinese state-sponsored Advanced Persistent Threat (APT) actor. The letter detailed how the stolen security key enabled the hackers to access user workstations and unclassified files. In response to the incident, the Treasury has engaged with both the FBI and CISA.