WASHINGTON (Reuters) – Hackers believed to be backed by the Chinese state infiltrated the U.S. Treasury Department’s cybersecurity defenses earlier this month, stealing unclassified documents in what has been deemed a significant breach, according to a letter shared with lawmakers and obtained by Reuters.
The attack targeted BeyondTrust, a third-party cybersecurity service provider. By compromising a key used to secure a cloud-based technical support system, the hackers bypassed security protocols, gaining unauthorized access to Treasury Departmental Offices (DO) workstations and the unclassified documents stored on them.
The letter attributed the breach to an Advanced Persistent Threat (APT) group linked to China, a claim based on currently available indicators. The Treasury Department, alerted to the breach on December 8, is collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the full extent of the damage.
When approached for further comment, Treasury officials and the FBI remained silent. CISA redirected inquiries back to Treasury. Meanwhile, China’s foreign ministry spokesperson Mao Ning reiterated the nation’s opposition to hacking and dismissed the allegations. A spokesperson for the Chinese Embassy in Washington also rejected responsibility, calling the U.S. allegations against Beijing baseless.
BeyondTrust, headquartered in Johns Creek, Georgia, confirmed a security incident involving its remote support product in early December. The company stated it had notified impacted customers and law enforcement and was actively cooperating with investigations. BeyondTrust’s initial findings revealed that a critical digital key had been compromised, prompting a deeper probe into the breach.
Tom Hegel, a cybersecurity expert at SentinelOne, noted that this incident aligns with a known trend among Chinese-linked APT groups. These groups often exploit trusted third-party services, a tactic that has become a hallmark of their operations in recent years.
As investigations continue, the breach underscores the vulnerabilities within interconnected cybersecurity ecosystems and the growing sophistication of state-sponsored cyber threats.
Article originally posted by Reuters