CISA: Treasury was only federal agency impacted by recent China breach

The Treasury Department was the only federal agency affected by a recently announced breach by state-backed hackers from China, according to a new statement from the Cybersecurity and Infrastructure Security Agency (CISA).

CISA said Monday afternoon it is working closely with the Treasury and third-party software provider BeyondTrust to understand the incident and its ramifications. The short statement did not offer additional details.

The Treasury previously told the Senate Banking Committee that it was notified on December 8 by BeyondTrust that intruders had obtained a security key allowing remote access to employee workstations and the classified documents stored on them. The department attributed the incident to China-based hackers.

The Washington Post reported last week that the hackers targeted the department’s Office of Foreign Assets Control (OFAC) as well as the Office of the Treasury Secretary. U.S. officials told the newspaper that China likely wanted to know which entities may be facing potential sanctions. China has denied the accusations. 

Last week, OFAC announced sanctions against one of China’s most prominent cybersecurity companies, accusing it of assisting Beijing’s government in a long-running hack campaign against U.S. critical infrastructure. 

CISA said on Monday that there is “no indication that any other federal agencies have been impacted" by the campaign aimed at the Treasury. 

“CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response. The security of federal systems and the data they protect is of critical importance to our national security,” the agency said. “We are working aggressively to safeguard against any further impacts and will provide updates, as appropriate.”

The attack on the Treasury offices is yet another salvo in China’s alleged targeting of U.S. institutions. Over the weekend, it was revealed that among the nine telecommunications companies breached by China in its Salt Typhoon campaign are Charter Communications, Consolidated Communications, and Windstream. Companies like Verizon, AT&T, and T-Mobile had already been identified. 

New details were also unveiled about China’s Volt Typhoon attacks on U.S. critical infrastructure in the island of Guam. U.S. officials said they have discovered at least 100 different cyberattacks as part of Volt Typhoon incidents, according to Bloomberg.