Chinese hackers remotely accessed several US Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency said Monday.
The department did not provide details on how many workstations were accessed or what types of documents the hackers may have obtained, but said in a letter to lawmakers disclosing the breach that “at this time there is no evidence to indicate that the threat actor has continued to access Treasury information.”
“Treasury takes all threats against our systems and the data they hold very seriously,” the department said.
“Over the past four years, the Treasury has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from threat actors.”
The letter describes the hack as a “major incident.”
The department said it learned of the problem on Dec. 8 when a third-party software service provider, BeyondTrust, announced that hackers had stolen a key used by the vendor that helped it override the system and gain remote access to several workstations. employees.
The compromised service has since been removed and there is no evidence that the hackers still have access to the department’s information, Aditi Hardikar, an assistant secretary of the Treasury, said in a letter Monday to leaders of the Senate Banking Committee.
The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency and that the hack was attributed to Chinese perpetrators.
He did not elaborate.
The revelation comes as US officials continue to grapple with the fallout from a massive Chinese cyber campaign known as Salt Typhoon that gave officials in Beijing access to the private texts and phone conversations of an unknown number of Americans.
A senior White House official said Friday that the number of telecommunications companies affected by the hack has now risen to nine.
