The US Treasury Department has reported a “major cybersecurity incident” involving a breach by Chinese state-sponsored hackers. The intrusion, revealed in a letter sent to Congress on Monday, occurred through a third-party software service provider.
The breach was first detected on December 8 when BeyondTrust Inc., a cybersecurity vendor contracted by the Treasury, notified the department that hackers had gained access to a key used to secure a cloud-based service for remote technical support to Treasury offices.
Scope of the Breach
Hackers reportedly accessed certain Treasury workstations and unclassified documents. The compromised service has since been taken offline, and officials stated there is no evidence the attackers maintain access to Treasury systems or data.
The Treasury Department is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, intelligence agencies, and third-party forensic investigators to address the breach.
Attribution to China
According to the Treasury, the sophisticated attack is attributed to advanced hackers tied to China. The Chinese embassy in Washington dismissed the allegations, accusing the US of spreading “disinformation” and conducting “smear attacks against China.”
Vendor Under Scrutiny
BeyondTrust, the cybersecurity firm involved, has federal contracts exceeding $4 million and works with several US agencies, including the Department of Defense, Department of Veterans Affairs, and Department of Justice. BeyondTrust has not commented on the incident.
Wider Cybersecurity Concerns
The breach at the Treasury coincides with ongoing investigations into a widespread cyber-espionage campaign targeting US telecommunications firms. The White House has linked these attacks to a group known as “Salt Typhoon,” allegedly backed by China. The campaign reportedly involved infiltrating telecom networks and gathering information, including phone calls and text messages of prominent individuals.
Political Context
The incident comes amid efforts to stabilize US-China relations, highlighted by recent meetings between President Joe Biden and Chinese leader Xi Jinping at the APEC summit in Peru. However, cybersecurity issues, including the Salt Typhoon attacks, have strained these efforts.
National Security Adviser Jake Sullivan confirmed that Biden raised concerns about the cyberattacks during the summit, to which Xi responded by denying evidence of Chinese involvement.
Next Steps
Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, announced plans for further actions against Beijing, following recent moves such as banning China Telecom operations in the US.
As investigations continue, the breach underscores growing tensions and challenges in the realm of cybersecurity between the US and China.
