China-Backed Hackers Blamed For "Major Cyber Incident" At US Treasury

On Monday, the US Treasury Department informed lawmakers about a "major cybersecurity incident" involving a state-sponsored Chinese hacking group that infiltrated Treasury computers and accessed unclassified documents. 

In a letter circulating on X, Aditi Hardikar, Assistant Secretary for Management at the US Treasury, revealed that the third-party software service provider BeyondTrust notified Treasury officials about the breach on December 8. The letter is addressed to Senator Sherrod Brown (D-Ohio) and Senator Tim Scott (R-S.C.), the chairman and ranking member, respectively, of the Committee on Banking, Housing, and Urban Affairs.

Chinese "threat actors had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," Hardikar wrote in the letter.

Hardikar said, "Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor." 

"The compromised BeyondTrust service has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information," she noted. 

The US Treasury has been working with the Cybersecurity and Infrastructure Security Agency, the FBI, and other US intelligence agencies, as well as "third-party forensic investigators" to fully understand the breach and its overall impact. 

"In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident," Hardikar said, adding, "More details will be made available in our 30-day supplemental report to this notification." 

It remains unclear how many Treasury workstations the Chinese hacking group was able to infiltrate.

This comes as Chinese hacking groups continue efforts to hack US organizations under a weak and seemingly pro-China Biden-Harris administration. Cyber risks are not limited to federal agencies, critical infrastructure, and corporations; home routers, firewalls, storage devices, and Internet of Things (IoT) devices have also been compromised. Additionally, US telecommunications networks have suffered one of the "worst telecom breaches" in American history.

We suspect the incoming Trump administration will not stand for China-backed hacking teams wreaking havoc nationwide.