The U.S. Treasury Department has announced that several of its workstations and non-classified files were remotely accessed by Chinese hackers. This was possible due to a breach in a third-party software service provider, which is currently under investigation. The Department, however, did not disclose the number of workstations affected or the nature of the documents accessed by the hackers.
In a letter to lawmakers, the agency stated that there’s currently no proof pointing towards the hackers retaining access to Treasury data. The cyber-attack is being looked into as a “major cybersecurity incident”. The Department spokesperson emphasized their commitment to addressing all threats against their systems and data, acknowledging the significant improvements made to their cyber defense over the past four years.
In response to the allegations, a spokesperson from China’s Foreign Ministry reiterated their standard stance, denouncing groundless accusations lacking evidence. The spokesperson, Mao Ning, reaffirmed China’s opposition to all forms of hacking and their disapproval of disseminating false information against China for political gain.
The incident adds to the growing concerns of U.S. officials dealing with the aftermath of a significant Chinese cyberespionage operation known as Salt Typhoon. This operation granted Beijing officials access to private texts and phone conversations of an undisclosed number of Americans. The number of telecommunications companies confirmed to have been impacted by the hack has now ascended to nine, as stated by a senior White House official.
On December 8th, the Treasury Department became aware of the issue when BeyondTrust, a third-party software service provider, alerted them that hackers had stolen a key used to secure a cloud-based service for remotely providing technical support to workers. This theft allowed the hackers to bypass the service’s security and remotely access several workstations.
The hacked service has since been suspended, and there’s no evidence suggesting that the hackers currently have access to the department’s information, as stated by Aditi Hardikar, an assistant Treasury secretary, in a letter to the leaders of the Senate Banking Committee. The Department is collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency, and other entities to investigate the effects of the hack, attributing it to Chinese state-sponsored perpetrators.
