The US Treasury has confirmed that Chinese state-sponsored hackers carried out a significant cyberattack, gaining unauthorized access to workstations and documents.
The cyber incident, which occurred in the early hours of Tuesday, saw hackers breach a third-party software service provider, enabling them to steal several unclassified documents. While the department did not disclose the number of workstations affected or the sensitivity of the stolen documents, it assured lawmakers that there was no evidence of continued access to Treasury information.
In a letter to US lawmakers, the Treasury Department emphasized its commitment to safeguarding its systems. A spokesperson further stated, “Treasury takes very seriously all threats against our systems, and the data it holds,” adding that an investigation had been launched to assess the breach and the extent of the damage.
This attack comes amid ongoing concerns over a large-scale Chinese cyberespionage campaign, known as Salt Typhoon, which has reportedly granted Beijing access to private communications of several Americans. At least nine US telecommunications companies were affected by the Salt Typhoon breaches, according to a senior White House official.
The Salt Typhoon breaches were first discovered on December 8, when third-party provider BeyondTrust alerted US authorities. BeyondTrust revealed that the hackers had stolen a key used to secure a cloud-based service, which allowed them to remotely access employees’ workstations.
Following the breach, the Treasury Department took immediate action by removing the compromised service from operation. It continues to work with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and private sector partners to investigate the attack. The Treasury has attributed the breach to Chinese state-sponsored hackers.
