The US Treasury Department was breached by Chinese state-sponsored hackers, who gained access to unclassified documents, in what the organisation called a “major cyber security incident”, according to a letter sent to the Congress on Monday.
The Treasury said a third-party software provider, BeyondTrust, had notified it of the breach.
The hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users”, the letter seen by Bloomberg and Reuters, said.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The Treasury department said it was working with the US Cybersecurity and Infrastructure Security Agency, the FBI and third-party forensic investigators.
BeyondTrust said it has been supporting the investigative efforts.
The Chinese Embassy in Washington dismissed the allegations and said the “US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat”.
“The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury representative told Bloomberg.
Cyber security issues globally have been rising sharply, led by an increasing number of ransomware attacks targeting government services and other critical sectors in many countries, the 2024 Global Cybersecurity Index released by the UN's International Telecommunication Union in September.
The global average cost of a data breach was estimated at $4.45 million last year, it said.
The US is already carrying out an investigation into what has become known as the Salt Typhoon cyber breach, flagged by officials in early December. The US has accused China of sponsoring the attack that infiltrated US communications companies and potentially left American consumers vulnerable.
Initially, officials said eight US companies had been affected, but that number has since risen to nine.
US companies need to enact critical infrastructure changes and update basic cyber security practices, Anne Neuberger, deputy national security adviser for cyber and emerging technology, told media on Friday.
“What we've learnt from the investigation is that there's several categories of things that are needed in this space: better management of configuration, better vulnerability management of networks, better work across the telecom sector to share information when incidents occur,” she said.
Voluntary commitments by companies were inadequate, she said, and explained that the administration would be seeking bipartisan support from the Federal Communications Commission (FCC) to ensure compliance from telecoms companies.
With inputs from Bloomberg and Reuters
