
Chinese Hackers Stole Documents in Major Breach: US Treasury

Greenwatch Desk International 2024-12-31, 8:31am


Chinese state-sponsored hackers breached the US Treasury Department’s cybersecurity defenses this month, stealing unclassified documents in what the Treasury described as a “major incident,” according to a letter sent to lawmakers and provided to Reuters on Monday.


The hackers exploited vulnerabilities in a third-party cybersecurity service provider, BeyondTrust, gaining access to unclassified Treasury documents. The breach occurred when hackers compromised a key used by the vendor to secure a cloud-based service, which remotely provides technical support for Treasury Department Offices (DO) end users. With the stolen key, the hackers bypassed security measures, remotely accessed user workstations, and retrieved certain documents.

Treasury officials were alerted to the breach by BeyondTrust on December 8. The department is collaborating with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the breach's impact.

The Treasury did not immediately respond to requests for additional details, and the FBI did not comment. CISA referred inquiries back to the Treasury.

The Chinese Embassy in Washington denied any involvement, labeling the accusations as baseless and rejecting "smear attacks against China."

BeyondTrust, the Georgia-based company affected by the breach, confirmed the incident on December 8 and reported that it had taken steps to address the security breach. The company notified the impacted customers and is cooperating with law enforcement. BeyondTrust’s spokesperson said that the breach involved a compromised digital key and that the investigation is ongoing.

Cybersecurity expert Tom Hegel from SentinelOne noted that the breach fits a pattern of tactics used by Chinese-linked groups, particularly their focus on exploiting trusted third-party services—an increasingly common method in recent years.