The U.S. Treasury Department has reported a substantial cyber intrusion linked to Chinese state-sponsored hackers, accessing employee workstations and unclassified documents. The department categorized this as a "major incident," following a notification made to lawmakers. Collaborating with the FBI, the Treasury is investigating the breach extensively. Meanwhile, China vehemently denied these accusations, labeling them "baseless" and asserting its opposition to hacking activities.
This incident is part of a broader pattern of security lapses attributed to China, including a significant telecom breach exposing sensitive phone records of Americans. The recent attack involved hackers bypassing security protocols via a third-party remote support service, named BeyondTrust, which has since shut down its application for Treasury staff. Despite the breach, officials reassured that hackers had not continued to access Treasury data after the initial compromise.
The department, which oversees U.S. financial systems and the implementation of sanctions against China, reported learning about the hack on December 8, despite suspicious activity having been flagged as early as December 2. While the specifics regarding the accessed files and the extent of the breach remain vague, it is noted that the intruders likely aimed for intelligence rather than financial theft.
A comprehensive report detailing the fallout of the incident is expected to be delivered to Congress within the next month. In response, China’s Ministry of Foreign Affairs dismissed the allegations as politically motivated disinformation, reiterating its commitment against hacking.
The U.S. has pointed fingers at separate Chinese hacking groups like Volt Typhoon and Salt Typhoon for recent cyber intrusions into critical infrastructure and espionage efforts, respectively. Nevertheless, Chinese officials have repeatedly refuted these claims as smear campaigns lacking substantiation.
This incident is part of a broader pattern of security lapses attributed to China, including a significant telecom breach exposing sensitive phone records of Americans. The recent attack involved hackers bypassing security protocols via a third-party remote support service, named BeyondTrust, which has since shut down its application for Treasury staff. Despite the breach, officials reassured that hackers had not continued to access Treasury data after the initial compromise.
The department, which oversees U.S. financial systems and the implementation of sanctions against China, reported learning about the hack on December 8, despite suspicious activity having been flagged as early as December 2. While the specifics regarding the accessed files and the extent of the breach remain vague, it is noted that the intruders likely aimed for intelligence rather than financial theft.
A comprehensive report detailing the fallout of the incident is expected to be delivered to Congress within the next month. In response, China’s Ministry of Foreign Affairs dismissed the allegations as politically motivated disinformation, reiterating its commitment against hacking.
The U.S. has pointed fingers at separate Chinese hacking groups like Volt Typhoon and Salt Typhoon for recent cyber intrusions into critical infrastructure and espionage efforts, respectively. Nevertheless, Chinese officials have repeatedly refuted these claims as smear campaigns lacking substantiation.
