China has responded to accusations that a state-sponsored actor was responsible for a cyber breach at the US treasury department, dismissing the claims as “groundless.” The breach was carried out through a third-party cybersecurity service provider, allowing hackers to access a key used to override certain parts of the system. The incident occurred earlier this month, enabling the actor to remotely access workstations and some unclassified documents, according to a letter sent by the treasury department to lawmakers.
Despite the accusations, China has denied any involvement, with the foreign ministry stating that Beijing has always opposed hacker attacks and false information spread for political purposes. The ministry’s spokesperson, Mao Ning, reiterated China’s position against baseless accusations lacking evidence.
Following the discovery of the breach, the treasury department contacted the US Cybersecurity and Infrastructure Security Agency and has been collaborating with law enforcement to assess the impact. The compromised service has been shut down, and there is no indication that the threat actor still has access to treasury systems or information, as stated by the department’s spokesperson.
In a letter to the Senate banking committee, the treasury attributed the incident to a China state-sponsored advanced persistent threat (APT) actor. The term describes cyber-attacks in which an intruder gains and maintains unauthorized access to a target for an extended period without detection. The department did not disclose specific details on the affected areas but promised a supplementary report with more information at a later date.
Emphasizing the seriousness of the threats against their systems and data, the treasury spokesperson reiterated their commitment to addressing cybersecurity challenges. This incident adds to growing concerns globally about Chinese government-backed hacking activities targeting various sectors.
The US has been vocal about Chinese cyber-attacks in recent years, with allegations of government-backed hacking targeting governments, militaries, and businesses. Beijing has consistently denied these accusations, stating its opposition to all forms of cyber-attacks.
In a separate incident in September, the US justice department dismantled a cyber-attack network affecting 200,000 devices worldwide, linking the operation to hackers supported by the Chinese government. Similarly, in February US authorities thwarted a group of hackers referred to as “Volt Typhoon,” which was targeting critical public infrastructure at China’s direction.
In 2023, Microsoft reported that China-based hackers infiltrated email accounts of several US government agencies, including the state department and the commerce secretary. The breach, attributed to the group Storm-0558, compromised accounts in approximately 25 organizations and government agencies, highlighting the persistent cybersecurity threats faced by nations globally.
As the cybersecurity landscape continues to evolve, nations like the US and China are locked in a battle to protect sensitive information and infrastructure from malicious actors seeking to exploit vulnerabilities in digital systems. The ongoing accusations and denials underscore the complex dynamics of international cyber warfare and the challenges of attribution in the digital realm.