The U.S. Treasury told lawmakers in a letter Monday that it was hit by a cyberattack earlier in December, which the department has attributed to Chinese government hackers.
In the letter shared with senior U.S. House lawmakers, which TechCrunch has seen, the Treasury said the hackers gained remote access to certain Treasury employee workstations and had access to unclassified documents, in what it described as a “major cybersecurity incident.”
The Treasury said it was notified on December 8 by BeyondTrust, a company that provides identity access and remote support tech for large organizations and government departments, that hackers had “gained access to a key used by the vendor” for providing remote access technical support to Treasury employees. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
A spokesperson for BeyondTrust did not respond to a request for comment at press time.
The letter said the department engaged U.S. cybersecurity agency CISA for assistance and, as of December 30, it has “no evidence indicating the threat actor has continued access to Treasury information.”
The Treasury confirmed in the letter that it attributed the breach to a China state-sponsored advanced persistent threat group, indicating backing from the Chinese government. It’s not clear which group was behind the intrusion, and a spokesperson would not say.
In a brief statement, Treasury spokesperson Michael Gwin said that the hackers were able to “remotely access several Treasury user workstations and certain unclassified documents maintained by those users.”
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” the spokesperson said.
This is the latest cyberattack linked to China that has targeted the U.S. government in recent months. China-backed hackers dubbed Salt Tycoon were behind a wave of cyberattacks targeting U.S. phone companies and internet giants, including AT&T and Verizon, in a bid to get access to the private communications of senior U.S. government officials, including presidential candidates.
Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, D.C., denied the U.S. government’s attribution of the cyberattack to the Chinese government, arguing that the United States did not present evidence of its claims.
Updated with comment from the Chinese government.
Do you know more about the BeyondTrust cyberattack or the incident at the Treasury? Get in touch securely on Signal and WhatsApp at +1 646-755-8849 You can also send files and documents via SecureDrop.
