Chinese hackers accessed various workstations and unclassified documents of the US Treasury Department, according to the media reports. Additionally, the breach was linked to a compromised third-party software provider, raising alarms over cybersecurity vulnerabilities. The Treasury Department confirmed the breach in a letter to lawmakers, describing it as a major cybersecurity incident.
While the department refrained from disclosing how many systems were compromised, it clarified that there was no evidence of continued access to Treasury information. A Treasury spokesperson assured, “Treasury takes all threats to its systems seriously. Over the last four years, significant improvements have been made to bolster our cyber defenses.” The breach coincides with ongoing investigations into a broader Chinese cyberespionage campaign, dubbed ‘Salt Typhoon.’
This campaign has granted Beijing access to private communications of several Americans. The White House recently disclosed that at least nine US telecommunications companies were affected by the campaign. The hackers exploited a vulnerability in BeyondTrust, a third-party software vendor providing cloud-based technical support. On December 8, BeyondTrust flagged the theft of a critical key used to secure remote services. This allowed the attackers to override security measures and access employee workstations.
Assistant Treasury Secretary Aditi Hardikar confirmed in a letter to the Senate Banking Committee that the compromised service has been taken offline. The department is now collaborating with the FBI and the Cybersecurity and Infrastructure Security Agency to assess the damage. The Treasury has attributed the attack to Chinese state-sponsored hackers but refrained from sharing further details. According to the media reports, Treasury officials are likely to hold a classified briefing with the House Financial Services Committee next week, though the exact schedule remains undecided.
Comments