Chinese hackers seized documents in a “major incident,” says US Treasury

Chinese state-sponsored hackers broke through the computer security measures of the U.S. Treasury Department this month and stole records in what the Treasury called a “major incident,” according to a letter to lawmakers, opens new tab that Treasury officials provided to media on Monday.

The letter claimed that the hackers gained access to unclassified material after breaching the third-party cybersecurity service provider BeyondTrust.

According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.

The Treasury Department stated that it was collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the implications of the intrusion after being notified of the breach by BeyondTrust on December 8.

An email asking for further information regarding the attack was not immediately answered by Treasury authorities. CISA forwarded inquiries back to the Treasury Department, and the FBI did not immediately reply to Reuters’ requests for comment.

A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”