NAIROBI, Kenya - A sophisticated cyberattack attributed to a Chinese state-sponsored group has infiltrated the US Treasury Department, compromising employee workstations and unclassified documents.
The breach, which took place in early December, was deemed a “major incident” by the agency, marking another alarming escalation in cyber espionage activities linked to China.
The hackers exploited a vulnerability in a third-party service provider, BeyondTrust, which offers remote technical support to the Treasury.
By overriding security measures, the attackers gained access to several employee workstations and unclassified files.
The Treasury Department, alongside the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), is investigating the breach to determine its full scope. BeyondTrust initially detected suspicious activity on December 2, notifying the Treasury six days later.
During this critical window, hackers may have created accounts or altered passwords, raising concerns about the extent of access gained.
Officials believe the attack was carried out by a China-based Advanced Persistent Threat (APT) actor, with evidence pointing to espionage rather than financial theft.
Despite the breach, the Treasury maintains there is no indication of continued unauthorized access since BeyondTrust was taken offline.
The Chinese embassy in Washington dismissed the allegations, calling them a “smear attack” without credible evidence.
Embassy spokesman Liu Pengyu emphasized the difficulty of accurately tracing the origins of cyberattacks and urged the US to avoid spreading “disinformation” about Chinese hacking threats.
This breach follows another high-profile incident targeting US telecoms in December, further intensifying concerns about cybersecurity vulnerabilities.
As global tensions rise in cyberspace, organizations like CISA are ramping up efforts to mitigate future breaches.