Chinese government hackers accessed U.S. Treasury workstations through compromised vendor software, marking the latest in a series of state-sponsored cyberattacks against American institutions.
“The threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” Assistant Secretary Aditi Hardikar wrote to Senate Banking Committee leaders on December 8.
The hackers stole BeyondTrust’s security key, allowing them to override security controls and access unclassified documents. The company has since revoked the key and notified affected customers.
“The compromised BeyondTrust service has been taken offline,” a Treasury spokesperson said, adding there is “no evidence indicating a threat actor has continued access to Treasury systems or information.”
China has denied involvement in the dangerous hacking attack.
“China consistently opposes all forms of hacking and is firmly against the spread of false information targeting China for political purposes,” Foreign Ministry spokesperson Mao Ning told reporters.
The breach comes amid escalating Chinese cyber operations, including attacks on nine U.S. telecommunications companies and Volt Typhoon’s five-year campaign targeting critical infrastructure.
The FBI, Cybersecurity and Infrastructure Security Agency, and intelligence agencies are investigating, with Treasury promising a follow-up report within 30 days.