Chinese Hackers Exploit Security Vendor To Access Treasury Documents

The U.S. Treasury Department has revealed that Chinese state-sponsored hackers breached its systems earlier this month, gaining access to unclassified documents in what officials have called a “major incident.” The attack was enabled by the compromise of a third-party cybersecurity vendor, BeyondTrust.

The hackers used a stolen key associated with BeyondTrust’s remote technical support service to override security measures. This access allowed them to infiltrate certain Treasury Department workstations and extract unclassified information stored by departmental employees.

Treasury officials were alerted to the breach by BeyondTrust on December 8. The department is now collaborating with CISA and the FBI to determine the full scope of the intrusion. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with public and private partners to protect our systems from threat actors,” the department stated in its letter to lawmakers.

Cybersecurity researchers say the breach is consistent with tactics employed by Chinese hacking groups, which have increasingly targeted trusted third-party services to gain access to sensitive systems. SentinelOne’s Tom Hegel noted that this attack aligns with a documented pattern of operations by groups linked to the People’s Republic of China.

In response to the allegations, a Chinese Embassy spokesperson denied any involvement and dismissed the U.S. claims as baseless. BeyondTrust has acknowledged a recent security incident affecting a limited number of customers but has not explicitly linked that incident to the Treasury breach.

The compromised service has since been disabled. Officials believe the breach was contained, but federal agencies remain vigilant against future threats.
