The U.S. Treasury Department revealed on Monday that Chinese hackers were able to remotely access several of its workstations and unclassified documents by compromising a third-party software service provider. The department did not disclose the exact number of workstations that were breached or the specific documents that were accessed. However, they assured lawmakers that there is currently no evidence to suggest that the hackers still have ongoing access to Treasury information.
In response to the breach, a department spokesperson emphasized the seriousness with which they take all threats to their systems and data. They highlighted the significant efforts made over the past four years to enhance their cyber defense capabilities and expressed a commitment to collaborating with both private and public sector partners to safeguard the financial system from malicious actors.
Meanwhile, in Beijing, a Foreign Ministry spokesperson reiterated China’s longstanding denial of involvement in hacking activities, stating that they oppose all forms of hacking and the dissemination of false information for political purposes. This response is consistent with China’s standard reaction to allegations of cyberespionage.
This incident comes in the wake of ongoing concerns about a large-scale Chinese cyberespionage campaign known as Salt Typhoon, which has already impacted multiple U.S. telecommunications companies. A recent statement from a senior White House official revealed that the number of affected companies has now risen to nine, underscoring the pervasive nature of the threat posed by cyberattacks originating from China.
The Treasury Department first became aware of the breach on December 8 when BeyondTrust, the third-party software service provider, alerted them to the unauthorized access. The hackers had exploited a stolen key to bypass the service’s security measures and gain remote entry to employee workstations. While the compromised service has since been deactivated, the department is working closely with federal agencies such as the FBI and the Cybersecurity and Infrastructure Security Agency to assess the impact of the breach.
According to Aditi Hardikar, an assistant Treasury secretary, the hack has been attributed to Chinese state-sponsored actors, although specific details regarding the attribution have not been disclosed. The investigation into the incident is ongoing, and efforts are being made to ensure that the department’s information is adequately protected from future cybersecurity threats.
Overall, this latest breach underscores the persistent and evolving challenges posed by cyberattacks, particularly those originating from foreign state-sponsored actors. The Treasury Department’s response highlights the importance of coordinated efforts between government agencies and private sector partners to enhance cybersecurity defenses and mitigate the risks associated with such intrusions.