Unclassified documents were stolen after a hack earlier this month, according to a letter sent by Treasury to Congress.
Chinese state-sponsored hackers managed to steal unclassified documents from United States Treasury workstations earlier this month, as confirmed by the US Treasury Department.
On Monday, the department disclosed that the hackers infiltrated a third-party cybersecurity service provider, leading to what they classified as a “major incident.”
In a letter sent to Congress, the US Treasury Department explained, “[The hackers] gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to bypass the service’s security, remotely access certain Treasury DO user workstations, and retrieve certain unclassified documents maintained by those users.”
A statement from the Treasury emphasized that the department takes all threats against its systems and data seriously.
The Treasury Department was notified of the breach by the cybersecurity provider, BeyondTrust, on December 8. The department is collaborating with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the impact of the hack.
The letter addressed to the US Senate Banking Committee leadership directly attributed the incident to China, identifying it as a “China state-sponsored Advanced Persistent Threat (APT) actor.”
The Treasury Department intends to release more details in a supplementary report at a later time.
This breach report emerges shortly before the inauguration of President-elect Donald Trump, who has made threats of a trade war and tariffs against China due to concerns about the flow of the opioid fentanyl into the US.
In another instance, the US Justice Department announced that it had dismantled a cyberattack network operated by Chinese-backed hackers that affected 200,000 devices globally.
Additionally, in December, the US imposed sanctions on a Chinese cybersecurity firm and a researcher linked to a 2020 attack aiming to exploit a computer software vulnerability in company firewalls.
China has denied involvement in these attacks and reiterated its opposition to all forms of cyberattacks.
