The U.S. Treasury Department has confirmed a significant cybersecurity breach attributed to a Chinese state-sponsored hacking group. The incident, described as a “major cybersecurity event,” involved the compromise of employee workstations and unclassified documents earlier this month.
Details of the breach were outlined in a letter from the Treasury Department to lawmakers, highlighting the serious nature of the intrusion and the ongoing investigation.
The attack was reportedly carried out by a “China-based Advanced Persistent Threat (APT) actor” exploiting a vulnerability in BeyondTrust, a third-party provider of remote technical support for Treasury employees. The compromised service has been taken offline, and officials have found no evidence of further unauthorized access.
Treasury officials were notified of the breach on December 8, days after BeyondTrust detected unusual activity on December 2. A delay in confirming the breach potentially gave the hackers time to create accounts or change passwords.
Investigators believe the hackers aimed to gather sensitive information rather than steal financial assets. The Treasury Department is collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and external forensic experts to assess the breach’s impact.
“In accordance with Treasury policy, intrusions attributed to an APT are classified as major cybersecurity incidents,” the department stated. A supplementary report will be submitted to lawmakers within 30 days.
Chinese Embassy Responds
The Chinese embassy in Washington denied the allegations, calling them unfounded and dismissing them as a “smear campaign.” Embassy spokesperson Liu Pengyu emphasized the difficulties of attributing cyberattacks to specific sources and urged a more responsible approach.
“The United States should stop using cybersecurity as a pretext to defame China and cease spreading misinformation about alleged Chinese hacking threats,” Liu said.
Rising Cybersecurity Threats
This breach follows a series of high-profile cyberattacks attributed to Chinese hackers. Last year, telecom companies were targeted, potentially exposing the phone records of many Americans.
The Treasury Department reaffirmed its commitment to protecting its systems and data from cyber threats. “We take all threats to our systems and data very seriously,” a spokesperson said.
The breach has intensified scrutiny of the department’s cybersecurity protocols, with lawmakers expected to demand stronger measures. As cyberattacks grow more sophisticated, the U.S. government is likely to enhance efforts to secure critical infrastructure.