US Treasury Reports Major Hack by Chinese State-Sponsored Hackers

The Treasury Department was notified of the breach on December 8 and is working with CISA and the FBI to assess its scope.

Washington: The U.S. Treasury Department confirmed this month that Chinese state-sponsored hackers breached its computer systems, stealing sensitive documents in what Treasury officials are calling a “major incident”. A letter detailing the breach was shared with lawmakers and provided to Reuters on Monday.

The cyberattack targeted BeyondTrust, a third-party cybersecurity service provider, and that compromise allowed the hackers to access unclassified documents. According to the Treasury’s letter, the hackers gained access to a critical digital key used by BeyondTrust to secure a cloud-based service that provides remote technical support for Treasury Department Offices (DO) end users.

With this stolen key, the hackers were able to bypass the security protocols, remotely access certain Treasury DO user workstations, and steal unclassified documents from those workstations.

The Treasury Department was notified of the breach by BeyondTrust on December 8, and since then, the department has been working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the scope of the hack. Treasury officials did not immediately respond to requests for further comment, and the FBI did not immediately respond to Reuters’ inquiries. CISA referred questions back to the Treasury Department.

A Chinese Embassy spokesperson in Washington denied any involvement, stating that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”

BeyondTrust, headquartered in Johns Creek, Georgia, confirmed the breach, stating that it had “identified and took measures to address a security incident in early December 2024” involving its remote support product. The company notified the affected customers and law enforcement, and has since been cooperating with investigations. In a statement on its website, BeyondTrust confirmed that a digital key had been compromised, and the investigation is ongoing.

Tom Hegel, a threat researcher at SentinelOne, a cybersecurity company, noted that the attack aligns with tactics commonly used by Chinese-linked hacker groups. He explained that the focus on exploiting trusted third-party services has become a prominent method for these groups in recent years, saying, “This fits a well-documented pattern of operations by PRC-linked groups.”
