WASHINGTON—Chinese hackers remotely breached the U.S. Treasury Department earlier this month, stealing documents from its workstations, according to a letter the agency sent to lawmakers on Monday. The Treasury Department described the breach as a “major incident.”
On Dec. 8, Chinese state-sponsored hackers compromised a third-party software service provider, BeyondTrust, accessing certain unclassified documents, according to the letter by Aditi Hardikar, an assistant Treasury secretary.
The letter stated that the hackers gained “access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The department did not specify how many workstations had been compromised or what kind of documents the hackers may have obtained. However, in the letter, it said that the BeyondTrust service has been taken offline and “at this time there is no evidence indicating the threat actor has continued access to Treasury information.”
The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency to investigate the scope of the hack.
“Treasury takes very seriously all threats against our systems, and the data it holds,” a department spokesperson said in a separate statement to The Associated Press. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
The incident occurred as U.S. officials continue to assess the scope of the cybersecurity breach from China’s state-backed Salt Typhoon hacking group, which has carried out a wide-ranging espionage campaign since 2022. Last week, a White House official announced that the recent cyberattacks affected nine telecom companies, including Verizon, AT&T, and CenturyLink.
Officials said in early December that these hackers are still embedded in U.S. infrastructure. AT&T and Verizon said on Saturday that their networks are now secure while Lumen Technologies, which owns CenturyLink, said on Sunday that it has no evidence of Chinese actors in its network.
Chinese hackers have targeted a small number of high-profile customers, according to AT&T and Verizon.
In the wake of the Salt Typhoon hacking campaign, the Cybersecurity and Infrastructure Security Agency has urged “individuals who are in senior government or senior political positions” to immediately stop using regular phone calls and text messages. They should only use end-to-end encrypted communications and “assume that all communications between mobile devices—including government and personal devices—and internet services are at risk of interception or manipulation,” the agency warned.
The hacking group has already successfully targeted now-Vice President-elect JD Vance and now-President-elect Donald Trump, as well as Vice President Kamala Harris.
Eva Fu, Lily Zhou, Reuters, and The Associated Press contributed to this report.
From The Epoch Times