The U.S. Treasury Department revealed on Monday that Chinese hackers were able to remotely access a number of its workstations and unclassified documents after compromising a third-party software service provider. Although the department did not disclose the exact number of workstations breached or the type of documents accessed, it assured lawmakers that there is currently no evidence to suggest that the hackers still have ongoing access to Treasury information. The breach has been labeled as a “major cybersecurity incident” and is under investigation.
In response to the breach, a spokesperson for the Treasury Department emphasized the seriousness with which they view threats to their systems and data. The department has made significant efforts over the past four years to strengthen its cybersecurity defenses and is committed to working with both private and public sector partners to safeguard the financial system from malicious actors.
This incident comes at a time when U.S. officials are facing the aftermath of a large-scale Chinese cyberespionage campaign known as Salt Typhoon, which granted Chinese officials access to the private communications of numerous Americans. As the extent of the hack continues to unfold, it has been revealed that nine telecommunications companies were affected.
The Treasury Department first became aware of the breach on December 8th, when BeyondTrust, a third-party software service provider, alerted them to the theft of a key that enabled hackers to bypass the service’s security measures and gain remote access to employee workstations. The compromised service has since been taken offline, and steps have been taken to prevent further access to department information.
In response to the breach, Assistant Treasury Secretary Aditi Hardikar assured leaders of the Senate Banking Committee that the department is collaborating with the FBI and the Cybersecurity and Infrastructure Security Agency to investigate the scope of the hack. The attack has been attributed to Chinese state-sponsored actors, although further details were not provided.
As cybersecurity threats continue to evolve, the U.S. government faces ongoing challenges in defending against sophisticated attacks from foreign entities. The Treasury Department’s response to this breach highlights the importance of robust cybersecurity measures and collaboration between public and private sector stakeholders to protect critical systems and information.