Following the compromise of a third-party software service provider, Chinese hackers gained remote access to numerous US Treasury Department computers and unclassified data, the department said Monday.
The department did not specify how many workstations were accessed or what documents the hackers may have obtained, but in a letter to lawmakers announcing the breach, it stated that “at this time there is no evidence indicating the threat actor has continued access to Treasury information.” The attack was being probed as a “major cybersecurity incident,” it stated.
“Treasury takes all threats to our systems and data very seriously,” a department official said in a separate statement. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
In Beijing, a Foreign Ministry official delivered China’s customary reaction to hacking claims.
“We have repeatedly stated our position on such baseless allegations that lack evidence,” Mao Ning said during a daily briefing. “China consistently opposes all forms of hacking, and we are even more opposed to the dissemination of false information against China for political purposes.”
The incident comes as US officials are still dealing with the consequences from a huge Chinese cyberespionage campaign known as Salt Typhoon, which granted officials in Beijing access to an unknown number of Americans’ private messages and phone conversations. According to a senior White House official, the number of telecoms companies acknowledged to have been hacked has now reached nine.
The Treasury Department said it became aware of the current issue on December 8, when a third-party software service provider, BeyondTrust, reported that hackers had obtained a key “used by the vendor to secure a cloud-based service used to remotely provide technical support” to workers. That key enabled the hackers to bypass the service’s security and get remote access to many staff workstations.
The compromised service has subsequently been taken offline, and there’s no sign that the hackers still have access to department data. Aditi Hardikar, an assistant Treasury secretary, wrote a letter to Senate Banking Committee leaders on Monday.
The department stated that it was collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency, and others to analyze the impact of the attack, which had been linked to Chinese state-sponsored perpetrators. It did not elaborate.