Chinese Hackers Breach U.S. Treasury Department Workstations

Chinese hackers successfully accessed multiple U.S. Treasury Department workstations and unclassified documents after exploiting vulnerabilities in a third-party software provider, the department disclosed on Monday.

The breach was revealed in a letter to lawmakers, which stated, “At this time, there is no evidence indicating the threat actor has continued access to Treasury information.” However, the department did not specify how many workstations were compromised or the nature of the documents obtained.

In its statement, the Treasury emphasized its commitment to cybersecurity: “Treasury takes very seriously all threats against our systems and the data it holds. Over the past four years, we have significantly enhanced our cyber defenses and will continue collaborating with public and private partners to protect the financial system.”

The incident came to light on December 8 when BeyondTrust, a third-party software service provider, reported that hackers had stolen a critical key. This key allowed the attackers to override system safeguards and remotely access several employee workstations. The compromised service has since been deactivated, and there is currently no evidence of ongoing unauthorized access, according to Aditi Hardikar, Assistant Treasury Secretary, in the letter to the Senate Banking Committee.

The Treasury is coordinating its response with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Officials have attributed the attack to Chinese actors but have not provided further details on their findings or the scope of the breach.

This breach highlights the growing threats posed by cyberattacks targeting government infrastructure and the importance of robust cybersecurity measures in safeguarding sensitive information.