Chinese state-sponsored hackers breached the U.S. Treasury Department earlier this month, accessing unclassified documents through a compromised third-party cybersecurity vendor, BeyondTrust. Treasury officials have described the incident as a “major breach,” according to a letter sent to lawmakers.
Hackers obtained a digital key from BeyondTrust’s cloud-based technical support service, enabling them to bypass security controls and remotely access Treasury Department workstations. This allowed them to retrieve unclassified documents stored on these systems.
Shocking claims of US Treasury hack by China raise more questions than answers, especially given the suspicious timing. pic.twitter.com/QpOt2NCPCC
— Truthful Voice (@webheraldnet) December 30, 2024
BeyondTrust notified the Treasury Department of the breach on December 8. Since then, the department has been working with CISA and the FBI to assess the impact and prevent further infiltration. “Treasury has significantly bolstered its cybersecurity measures and will continue working with partners to secure its systems,” the department stated.
SHOCKING: 🇨🇳 China Allegedly Hacks US Treasury in Massive Cyberattack – FBI Launches Urgent Probe
What do you think this means for US-China relations? 🤯 pic.twitter.com/5EKpOjhdGI
— Nyke Nakamoto (@Nyke_Nakamoto) December 30, 2024
Cybersecurity researchers have noted that the attack mirrors tactics commonly used by Chinese hacking groups, particularly their reliance on third-party service providers to gain unauthorized access. SentinelOne analyst Tom Hegel said the attack is consistent with known operations by groups linked to the People’s Republic of China.
BREAKING: China hacked the U.S. Treasury Department, gaining access to workstations and documents – NYT
I bet their login credentials were extremely secure…like “guest” or “password1.” pic.twitter.com/KkGoUJr5Kj
— Chad Prather (@WatchChad) December 30, 2024
The Chinese government has denied involvement, claiming the U.S. has no evidence to support its accusations. BeyondTrust has confirmed a security incident involving a limited number of clients but has not explicitly connected it to the Treasury hack.
BREAKING: CHINA HACKS THE US TREASURY DEPARTMENT
THE TIME TO DITCH THE DOLLAR IS NIGH pic.twitter.com/q3DVC2uRvp
— Aaron Day (@AaronRDay) December 30, 2024
The affected service has been shut down, and officials believe the breach has been contained. However, the incident highlights the risk created by reliance on third-party cybersecurity vendors.
“⚡️ US Treasury claims China hacked ‘some of its workstations.’
Apparently the Chinese hackers found ‘Top 5 ways to raise the National Debt’ in a locked folder.”
– @RT_com pic.twitter.com/RJpOqK4d7X
— George Weah MDAV∆♛🍷🇳🇬 (@marinelo_dav) December 30, 2024
China hacks US Treasury only to find it empty
with an IOU for $199 Trillion Dollars from Ukraine
and the Bidens. pic.twitter.com/7hnxrxDpWT
— Azore Lure (@AzoreLure) December 30, 2024