Massive Cyberattack Hits US Treasury Department, Chinese Hackers Suspected
Chinese Embassy Denies Involvement in US Treasury Cyberattack, Calls Allegations a "Smear Attack"
WASHINGTON: The United States Treasury Department has confirmed a significant breach of its systems, which it describes as a “major cybersecurity incident” attributed to a Chinese state-sponsored hacking group. The attack, which occurred earlier this month, targeted employee workstations and unclassified documents, triggering widespread concern.
The intrusion, disclosed in a letter sent to lawmakers, was executed by an Advanced Persistent Threat (APT) actor based in China. The hackers exploited a vulnerability in a third-party service provider, BeyondTrust, which provides remote technical support to Treasury employees. The compromised service has since been taken offline, and authorities report no further evidence of unauthorized access.
The Treasury Department was alerted to the hack on December 8, after being notified by BeyondTrust, which had detected suspicious activity on December 2. However, it took three additional days to confirm the breach, potentially allowing hackers time to create accounts or alter passwords. While the full extent of the attack is still under investigation, officials believe the hackers were primarily focused on gathering sensitive information rather than financial theft.
The Treasury, in cooperation with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and forensic experts, is working to assess the breach’s impact. In its letter to lawmakers, the department emphasized that incidents linked to APT groups are classified as major cybersecurity events, and a more detailed report is expected within 30 days.
In response to the accusations, the Chinese embassy in Washington denied any involvement, calling the allegations a “smear attack.” Spokesperson Liu Pengyu criticized the US for making baseless accusations and called for a more professional and responsible approach to cybersecurity issues.
This breach is the latest in a series of high-profile cyberattacks attributed to Chinese hackers. Last year, telecom companies were targeted in an attack that exposed phone records of millions of Americans. The Treasury Department reiterated its commitment to strengthening its cybersecurity measures to prevent future threats.
Read More: Trump asks Supreme Court to let him rescue TikTok
The breach has raised alarms in Washington, prompting lawmakers to review the Treasury Department’s cybersecurity protocols and increase efforts to protect critical infrastructure from increasingly sophisticated cyber threats.
