The US Treasury told lawmakers in a letter on Monday that it was hit by a cyber attack in early December that the department attributed to Chinese government hackers.
In the letter shared with senior House lawmakers, seen by TechCrunch, Treasury said hackers gained remote access to several Treasury employees’ workstations and accessed unclassified documents in what it described as a “major cyber security incident”.
The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support technology to large organizations and government departments, that hackers had “gained access to a key used by the vendor” to provide remote technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
A spokesperson for BeyondTrust did not respond to a request for comment by press time.
The letter said the department engaged the US cybersecurity agency CISA for assistance and, as of Dec. 30, there is “no evidence indicating that the threat actor has continued to access Treasury information.”
Treasury confirmed in the letter that it attributed the breach to a Chinese state-sponsored advanced persistent threat (APT) group, indicating support from the Chinese government. It is not clear which group is behind the hack, and a spokesman would not say.
In a brief statement, Treasury spokesman Michael Gwin said the hackers were able to “remotely access several Treasury users’ workstations and some unclassified documents held by those users.”
“The Treasury takes all threats against our systems and the data they hold very seriously. Over the past four years, the Treasury has significantly strengthened its cyber defenses and we will continue to work with private and public sector partners to protect our financial system from threat actors,” the spokesperson said.
This is the latest China-linked cyber attack to target the US government in recent months. Chinese-backed hackers called Salt Typhoon were behind a wave of cyberattacks targeting US phone companies and internet giants, including AT&T and Verizon, in an attempt to gain access to the private communications of top US government officials, including presidential candidates.
A spokesman for the Chinese Embassy in Washington, DC, did not immediately return a request for comment.