Chinese hackers remotely accessed workstations and documents in a ‘major’ cyber incident, U.S. Treasury says

The U.S. Treasury Department revealed on Monday that Chinese hackers had gained access to unclassified documents on multiple of its workstations. The compromise of BeyondTrust, a third-party software service provider, preceded this breach.

The department acknowledged the incident as a “major cybersecurity incident” in a letter to lawmakers, but it did not reveal the precise number of impacted workstations or the type of documents that were accessed. The letter made clear that there isn’t any proof that the threat actors continue to have access to Treasury Department data.

In addition to stressing the substantial investments made in bolstering its defenses over the previous four years, a Treasury Department spokesperson reaffirmed the agency’s dedication to cybersecurity. In order to protect the country’s financial system from cyberattacks, the spokesperson underlined the department’s continued cooperation with partners in the public and private sectors.

“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” a department spokesperson stated.

The ongoing investigation into the “Salt Typhoon” cyberespionage campaign, which started in China and exposed the private communications of many Americans, coincides with this revelation. Nine telecom companies are now impacted by this campaign, according to a senior White House official who made the announcement recently.

After receiving a notification from BeyondTrust, the third-party software provider, about the theft of a crucial key, the Treasury Department first learned about the breach on December 8. The hackers were able to remotely access employee workstations and get around the service’s security measures thanks to this key.

In her letter to the Senate Banking Committee, Assistant Secretary Aditi Hardikar stated that the compromised service has been immediately taken offline and that there is no indication of ongoing unauthorized access to Treasury Department data.

To fully examine the extent of the breach, the department is working closely with the FBI and the Cybersecurity and Infrastructure Security Agency. Although more information was not given, the investigation has linked the attack to state-sponsored actors acting from China.