Beijing-linked hackers penetrated Treasury systems
Updated at 10:25 a.m. on December 31 with comment from the Chinese foreign ministry.
A Chinese state-sponsored actor was responsible for a “major incident” that compromised U.S. Treasury Department workstations and classified documents, according to a letter the agency sent congressional lawmakers on Monday.
In a missive to the Senate Banking Committee, the department said it was notified on December 8 by BeyondTrust, a third-party software provider, that a foreign actor had obtained a security key that allowed the perpetrator to remotely gain access to employee workstations and the classified documents stored on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” according to the letter from Aditi Hardikar, assistant Treasury secretary for management.
The letter did not specify the number of impacted workstations or the kind of documents caught in the hack. It also did not say when the initial breach occurred.
The compromised service “has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information,” the letter adds.
Asked at a press conference about the alleged hacking, Chinese Foreign Ministry spokesperson Mao Ning called the allegations “unwarranted and groundless.”
“China opposes all forms of hacking, and in particular, we oppose spreading China-related disinformation motivated by political agenda,” she said.
The notification from Treasury comes as Washington remains on edge over the recent disclosures that Chinese-linked hackers known as Volt Typhoon and Salt Typhoon have burrowed into U.S. critical infrastructure and penetrated the networks of at least nine telecommunication companies, respectively.
In response, the Biden administration and Capitol Hill lawmakers are readying a series of policy moves, including a vote next month by the Federal Communications Commission that may set minimum cybersecurity standards for telecom firms.
Treasury said it is working with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to resolve the intrusion.
Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.