In a letter addressed to senior U.S. House lawmakers, the Treasury revealed that attackers remotely accessed employee workstations and unclassified documents, describing the incident as a “major cybersecurity breach.” The attack came to light on December 8 when BeyondTrust, a provider of identity access and remote support tools for organizations and government agencies, alerted the Treasury to the compromise. The attackers reportedly obtained a key used by BeyondTrust for remote technical support, though the method of acquisition remains unclear.
BeyondTrust has yet to comment on the breach.
The Treasury sought assistance from the Cybersecurity and Infrastructure Security Agency (CISA) and stated that, as of December 30, there is no evidence suggesting the attackers retain access to Treasury systems or information.
The department attributed the breach to an advanced persistent threat group sponsored by the Chinese government. However, the specific group involved has not been named, and the Treasury has refrained from providing further details.
Michael Gwin, a Treasury spokesperson, confirmed that hackers remotely accessed several workstations and certain unclassified documents stored on them. He emphasized the department’s commitment to cybersecurity, highlighting efforts over the past four years to strengthen defenses. “Treasury takes all threats to its systems and data very seriously. We will continue collaborating with both private and public partners to safeguard the financial system against threat actors,” Gwin stated.
This incident adds to a series of cyberattacks on U.S. government entities allegedly linked to China. In recent months, a group referred to as Salt Typhoon was implicated in attacks against U.S. telecom companies like AT&T and Verizon. These breaches aimed to intercept private communications of high-ranking U.S. officials, including presidential candidates.
Liu Pengyu, a representative of the Chinese Embassy in Washington, D.C., denied the allegations, asserting that the United States failed to provide evidence to substantiate its claims.
The breach underscores the ongoing cyber threats facing U.S. governmental systems and highlights the critical need for robust and evolving cybersecurity measures.