Chinese hackers remotely accessed several U.S. Treasury Department workstations and unclassified documents after compromising a third-party software service provider, according to the department.
The big picture: The Treasury Department did not specify the exact number of workstations accessed or the type of documents obtained by the hackers. However, the department stated that there was no evidence suggesting the hackers still had ongoing access to Treasury information.
- The breach is being treated as a “major cybersecurity incident” and is currently under investigation.
What they’re saying: The department emphasized its commitment to cybersecurity and noted significant improvements in cyber defense over the past four years, in collaboration with private and public sector partners.
- In response to hacking allegations, a Foreign Ministry spokesperson in Beijing reiterated China’s stance against hacking and false accusations without evidence.
Driving the news: This incident follows a recent major cyberespionage campaign by China known as Salt Typhoon, which granted Beijing officials access to private communications of Americans from telecommunications companies.
- The Treasury Department was notified of the breach on December 8 by BeyondTrust, a third-party software service provider, after hackers stole a key used for securing a cloud-based service that facilitated remote technical support.
- The compromised service has been shut down, and there is no indication that the hackers still have access to confidential department information.
- The Treasury Department is working with the FBI, the Cybersecurity and Infrastructure Security Agency, and other entities to assess the impact of the breach, attributing it to Chinese state-sponsored actors.
