Chinese Hackers Exploit Security Vendor To Access Treasury Documents
The U.S. Treasury Department has revealed that Chinese state-sponsored hackers breached its systems earlier this month, gaining access to unclassified documents in what officials have called a “major incident.” The attack was enabled by the compromise of a third-party cybersecurity vendor, BeyondTrust.
The hackers used a stolen key associated with BeyondTrust’s remote technical support service to override security measures. This access allowed them to infiltrate certain Treasury Department workstations and extract unclassified information stored by departmental employees.
Shocking claims of US Treasury hack by China raise more questions than answers, especially given the suspicious timing. pic.twitter.com/QpOt2NCPCC
— Truthful Voice (@webheraldnet) December 30, 2024
Treasury officials were alerted to the breach by BeyondTrust on December 8. The department is now collaborating with CISA and the FBI to determine the full scope of the intrusion. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with public and private partners to protect our systems from threat actors,” the department stated in its letter to lawmakers.
SHOCKING: 🇨🇳 China Allegedly Hacks US Treasury in Massive Cyberattack – FBI Launches Urgent Probe
What do you think this means for US-China relations? 🤯 pic.twitter.com/5EKpOjhdGI
— Nyke Nakamoto (@Nyke_Nakamoto) December 30, 2024
Cybersecurity researchers say the breach is consistent with tactics employed by Chinese hacking groups, which have increasingly targeted trusted third-party services to gain access to sensitive systems. SentinelOne’s Tom Hegel noted that this attack aligns with a documented pattern of operations by groups linked to the People’s Republic of China.
BREAKING: China hacked the U.S. Treasury Department, gaining access to workstations and documents – NYT
I bet their login credentials were extremely secure…like “guest” or “password1.” pic.twitter.com/KkGoUJr5Kj
— Chad Prather (@WatchChad) December 30, 2024
In response to the allegations, a Chinese Embassy spokesperson denied any involvement, accusing the U.S. of making baseless accusations. BeyondTrust has acknowledged a recent security incident involving a limited number of clients but has not explicitly connected the event to the Treasury hack.
BREAKING: CHINA HACKS THE US TREASURY DEPARTMENT
THE TIME TO DITCH THE DOLLAR IS NIGH pic.twitter.com/q3DVC2uRvp
— Aaron Day (@AaronRDay) December 30, 2024
The compromised service has since been disabled. Officials believe the breach was contained, but federal agencies remain vigilant against future threats.
“⚡️ US Treasury claims China hacked ‘some of its workstations.’
Apparently the Chinese hackers found ‘Top 5 ways to raise the National Debt’ in a locked folder.”
– @RT_com pic.twitter.com/RJpOqK4d7X
— George Weah MDAV∆♛🍷🇳🇬 (@marinelo_dav) December 30, 2024
China hacks US Treasury only to find it empty
with an IOU for $199 Trillion Dollars from Ukraine
and the Bidens. pic.twitter.com/7hnxrxDpWT— Azore Lure (@AzoreLure) December 30, 2024