Washington: The U.S. Treasury Department confirmed this month that Chinese state-sponsored hackers breached its computer systems, stealing sensitive documents in what Treasury officials are calling a “major incident”. A letter detailing the breach was shared with lawmakers and provided to Reuters on Monday.
The cyberattack targeted BeyondTrust, a third-party cybersecurity service provider, which allowed the hackers to access unclassified documents. According to the Treasury’s letter, the hackers gained access to a critical digital key used by BeyondTrust to secure a cloud-based service that provides remote technical support for Treasury Department Offices (DO) end users.
With this stolen key, the hackers were able to bypass the security protocols, remotely access certain Treasury DO user workstations, and steal unclassified documents from those workstations.
The Treasury Department was notified of the breach by BeyondTrust on December 8, and since then, the department has been working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the scope of the hack. However, Treasury officials did not immediately respond to requests for further comment, and the FBI did not provide any immediate response to Reuters’ inquiries. CISA referred questions back to the Treasury Department.
A Chinese Embassy spokesperson in Washington denied any involvement, stating that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”
BeyondTrust, headquartered in Johns Creek, Georgia, confirmed the breach, stating that it had “identified and took measures to address a security incident in early December 2024” involving its remote support product. The company notified the affected customers and law enforcement, and has since been cooperating with investigations. In a statement on its website, BeyondTrust confirmed that a digital key had been compromised, and the investigation is ongoing.
Tom Hegel, a threat researcher at SentinelOne, a cybersecurity company, noted that the attack aligns with tactics commonly used by Chinese-linked hacker groups. He explained that the focus on exploiting trusted third-party services has become a prominent method for these groups in recent years, saying, “This fits a well-documented pattern of operations by PRC-linked groups.”