Chinese hackers infiltrated the US Treasury in a significant cyberattack, stealing documents by exploiting a third-party software provider. The breach, discovered early Tuesday, allowed access to several unclassified files, though the Treasury hasn’t disclosed the number of workstations affected or the sensitivity of the stolen information.
“There’s currently no evidence indicating the threat actor still has access to Treasury information,” the department assured lawmakers in a letter. A Treasury spokesperson added, “We take all threats seriously,” noting that an investigation is underway to assess the breach and any potential losses.
This attack is part of a broader Chinese cyberespionage campaign, dubbed Salt Typhoon, which has also targeted U.S. telecommunications companies and compromised private communications. The breach was flagged on December 8 by BeyondTrust, the third-party provider whose stolen key gave hackers remote access to employees’ systems.
The Treasury, alongside the FBI, CISA, and private-sector partners, is working to evaluate the damage and strengthen its defenses. The compromised service has since been taken offline, and officials stress there’s no evidence of ongoing access to Treasury systems.
