US Treasury Department Hit by Major Cyberattack; Chinese Hackers Breach Workstations

The US Treasury Department confirmed a significant cyberattack on its systems, revealing that Chinese hackers accessed several workstations and unclassified documents. The breach, traced back to a compromised third-party software provider, raises concerns about cybersecurity vulnerabilities within government agencies. The attack was first detected on December 8 when BeyondTrust, an external vendor, alerted the department about a stolen security key.

Treasury Department Responds to Cybersecurity Incident

In a letter to lawmakers, the Treasury confirmed the breach, labeling it a “major cybersecurity incident.” However, the department has not disclosed the exact number of systems compromised or the specific documents accessed. Despite this, Treasury officials assured that there is no evidence of ongoing unauthorized access to its information. A Treasury spokesperson emphasized that the department has made significant improvements in its cybersecurity defenses over the past four years.

Link to Broader Chinese Cyberespionage Campaign

This cyberattack is part of a larger Chinese espionage operation known as “Salt Typhoon.” The campaign, which is under investigation, has reportedly allowed Beijing to infiltrate private communications of multiple Americans. In a related disclosure, the White House revealed that at least nine US telecommunications companies were affected by the campaign.

Attack Exploits Vulnerability in Third-Party Software

The hackers gained access by exploiting a vulnerability in BeyondTrust, a third-party provider that offers cloud-based technical support. On December 8, BeyondTrust flagged the theft of a critical key that secures remote services, allowing the attackers to bypass security measures and access employee workstations.

Investigation and Response

Assistant Treasury Secretary Aditi Hardikar confirmed in a letter to the Senate Banking Committee that the compromised service has been taken offline. The Treasury is working with the FBI and the Cybersecurity and Infrastructure Security Agency to assess the full extent of the damage. While the attack has been attributed to Chinese state-sponsored hackers, further details remain undisclosed. Treasury officials are expected to brief the House Financial Services Committee in a classified session next week.

Ongoing Concerns Over Cybersecurity The attack has raised alarms about the vulnerabilities in federal cybersecurity systems, with lawmakers and cybersecurity experts calling for strengthened protections against foreign cyber threats.