Hackers linked to the Chinese government breached the US Treasury Department using vulnerabilities in third-party remote management software, marking a significant security incident. As reported by The New York Times, the breach exposed unclassified documents and highlights the persistent risks posed by state-sponsored cyberattacks.
According to a letter the Treasury Department shared with lawmakers (via TechCrunch), US officials learned of the breach on December 8. BeyondTrust, a third-party company providing remote support tools, informed the Treasury that a compromised security key used for technical support had been stolen. Hackers used the key to remotely access employee workstations and unclassified documents.
The incident targeted BeyondTrust, a company that provides remote support tools for large organizations, including government agencies. On December 8, BeyondTrust informed the Treasury that a stolen key, used to secure its cloud-based service, had been compromised. This allowed attackers to bypass security protocols, gaining remote access to employee workstations and unclassified files.
The Treasury, with assistance from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, quickly responded by taking the affected BeyondTrust service offline. Officials confirmed there is no evidence of continued access to Treasury systems. Treasury spokesperson Michael Gwin told The Verge that the department has worked to fortify its defenses in recent years.
“Treasury takes very seriously all threats against our systems and the data it holds,” Gwin said. “We will continue working with both private and public sector partners to protect our financial system from threat actors.”
BeyondTrust disclosed the incident earlier this month, noting that the compromised API key was immediately revoked and affected customers were notified. However, the company has not provided further details about how the breach occurred.
The Treasury attributed the attack to an advanced persistent threat group backed by the Chinese government, although the specific group remains unnamed. Chinese Embassy spokesperson Liu Pengyu denied the allegations, stating that the US has not provided evidence to support its claims.
This breach follows a series of cyberattacks linked to Chinese state-sponsored groups, including campaigns targeting US telecommunications providers to intercept communications of senior officials.
The breach underscores the vulnerability of critical systems relying on third-party software and the importance of robust cybersecurity measures. While the Treasury reports no ongoing access, the incident raises concerns about the safeguards in place to prevent similar attacks in the future.
