The US Treasury Department has confirmed a cyber breach involving Chinese hackers who accessed employee systems and unclassified documents, categorizing the event as a "major incident." Despite official claims, China dismisses the accusations as unfounded.
US Treasury Hacked by Suspected Chinese Cyberattack: Major Breach Uncovered
A significant security breach at the US Treasury Department has been attributed to state-sponsored Chinese hackers, raising alarm about national cybersecurity.
The US Treasury Department has revealed that it fell victim to a significant cyber attack earlier this month, allegedly orchestrated by Chinese state-sponsored hackers. According to American officials, the hackers gained unauthorized access to employee workstations and certain unclassified documents, prompting the department to classify the breach as a "major incident." News of the hack was disclosed in a letter sent to lawmakers, outlining the ongoing investigations in collaboration with the FBI and various cybersecurity agencies.
In response, China has refuted these claims, labeling them as "baseless," and reiterated its stance against hacking activities. This incident is the latest in a series of cybersecurity breaches in the United States attributed to Chinese cyber operatives. Earlier this month, a separate attack on telecom companies reportedly accessed sensitive phone record data across numerous sectors.
The Treasury Department's correspondence noted that the hackers exploited a vulnerable application that a third-party vendor, BeyondTrust, used to provide remote technical support to staff. The application has since been deactivated as part of the mitigation response. Initial assessments indicate that the breach was executed by a Chinese Advanced Persistent Threat (APT) actor, a classification reserved for intrusions considered major cybersecurity concerns.
Investigations revealed that the hack was first detected on December 2 by BeyondTrust, but it took three days for the vendor to confirm that it had been compromised. During this window, the hackers gained remote access to multiple Treasury workstations and potentially sensitive documents belonging to staff. However, specific details regarding the nature of the compromised files or the seniority of the affected personnel remain unclear, as officials have not disclosed the classification level of the systems breached.
While the hack is suspected to have been conducted for espionage purposes rather than financial theft, Treasury officials said they have implemented protocols to ensure that there has been no ongoing access to sensitive information since the initial discovery of the breach. A detailed supplemental report on the findings will be provided to lawmakers within 30 days.
China's position remains adamant, with foreign ministry spokesperson Mao Ning condemning the accusations, insisting that they lack factual support and framing them as politically motivated attacks against China. In recent months, multiple groups of hackers allegedly linked to the Chinese government—including the recently identified Volt Typhoon—have been reported to target critical infrastructure and engage in espionage operations.
The FBI has been active in countering these recent cyber threats, intensifying efforts to shut down groups like Volt Typhoon. Despite the series of allegations, the US has yet to disclose definitive evidence linking China to this specific hack, leaving room for continued discourse on cybersecurity relations between the two nations.