In Brief

The US Treasury Department confirmed it was hacked by a Chinese state-sponsored actor in early December 2024.
The breach allowed access to employee workstations and some unclassified documents.
The attack was facilitated by exploiting a vulnerability in a third-party service provider, BeyondTrust.
Chinese officials have dismissed the allegations as part of a smear campaign.
The Treasury is working with the FBI and other agencies to evaluate the breach's impact.

Situation Report

In a significant cybersecurity incident, the US Treasury Department reported that it was hacked by a Chinese state-sponsored actor, compromising employee workstations and accessing unclassified documents.

The breach, which occurred in early December 2024, was revealed in a letter sent to Congress that designated it a "major incident."

Exploitation of Vulnerabilities

According to officials, the intrusion was facilitated by exploiting a vulnerability associated with BeyondTrust, a third-party service provider that delivers remote technical assistance to Treasury employees.

The suspicious activity was first detected on December 2, and the Treasury became aware of the breach on December 8 after being notified by BeyondTrust. It took three additional days for BeyondTrust to confirm that a hack had indeed occurred.

Details of Compromised Systems

The compromised system allowed hackers to gain remote access to multiple user workstations within the Treasury Department. However, specific details regarding the nature of the accessed files and the duration of the hack have not been disclosed.

Officials indicated that while there is no evidence suggesting that hackers maintained access after the initial breach, they may have created accounts or altered passwords during their monitoring period.

Response from US Treasury

In their correspondence with lawmakers, Treasury officials stated that breaches linked to Advanced Persistent Threat (APT) actors are classified as major cybersecurity incidents.

They emphasized that their department takes all threats seriously and is committed to enhancing its cybersecurity measures in collaboration with federal partners like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).

Beijing's Reaction

Chinese officials responded vehemently to these allegations, describing them as unfounded and part of an ongoing smear campaign against China.

Liu Pengyu, spokesperson for the Chinese embassy in Washington, urged the parties involved to adopt a professional stance when discussing cyber incidents and accused the US of disseminating misinformation regarding alleged Chinese hacking threats.