Chinese hackers gained unauthorized access to several U.S. Treasury Department workstations and unclassified documents by exploiting vulnerabilities in a third-party software service provider, the department disclosed Monday.
While the Treasury did not specify the number of affected workstations or detail the nature of the compromised documents, a letter to lawmakers revealed that there is currently no evidence suggesting the hackers maintain ongoing access to Treasury systems. The breach is being investigated as a “major cybersecurity incident.”
“Treasury takes very seriously all threats against our systems and the data it holds,” a department spokesperson stated. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
In Beijing, Chinese Foreign Ministry spokesperson Mao Ning dismissed the accusations, reiterating China’s standard stance on cyber allegations.
“We have repeatedly stated our position on such groundless accusations that lack evidence,” Mao said during a daily briefing. “China consistently opposes all forms of hacking, and we are even more opposed to the dissemination of false information against China for political purposes.”
This breach comes amid an ongoing Chinese cyberespionage campaign, Salt Typhoon, which targeted telecommunications firms and gave Beijing access to private communications of an undetermined number of Americans. U.S. officials recently confirmed that nine telecom companies had been affected by the campaign.
The Treasury Department became aware of the breach on December 8 when its software provider, BeyondTrust, reported that hackers had stolen a key used to secure a cloud-based service for remote technical support. This key allowed the hackers to bypass the service’s security protocols and gain access to several employee workstations.
The compromised service has since been deactivated. Assistant Treasury Secretary Aditi Hardikar assured lawmakers in a letter that there is no indication the hackers currently retain access to department information.
The department is collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other partners to assess the breach’s impact. Officials have attributed the hack to Chinese state-sponsored actors but have not provided additional details.
This incident underscores the persistent cybersecurity threats faced by U.S. institutions and highlights the vulnerabilities associated with third-party software services.