Chinese Cyberattack Targets US Treasury Department

Chinese state-sponsored hackers breached the U.S. Treasury Department earlier this month, accessing unclassified documents through a compromised third-party cybersecurity vendor, BeyondTrust. Treasury officials have described the incident as a “major breach,” according to a letter sent to lawmakers.

Hackers obtained a digital key from BeyondTrust’s cloud-based technical support service, enabling them to bypass security controls and remotely access Treasury Department workstations. This allowed them to retrieve unclassified documents stored on these systems.

BeyondTrust notified the Treasury Department of the breach on December 8. Since then, the department has been working with CISA and the FBI to assess the impact and prevent further infiltration. “Treasury has significantly bolstered its cybersecurity measures and will continue working with partners to secure its systems,” the department stated.

Cybersecurity researchers have noted that the attack mirrors tactics commonly used by Chinese hacking groups, particularly their reliance on third-party service providers to gain unauthorized access. SentinelOne analyst Tom Hegel said the attack is consistent with known operations by groups linked to the People’s Republic of China.

The Chinese government has denied involvement, claiming the U.S. has no evidence to support its accusations. BeyondTrust has confirmed a security incident involving a limited number of clients but has not explicitly connected it to the Treasury hack.

The affected service has been shut down, and officials believe the breach has been contained. However, the incident highlights the risks posed by reliance on third-party cybersecurity vendors.