The U.S. Treasury has revealed a significant cyberattack attributed to hackers backed by the Chinese government. In a letter to lawmakers, the department confirmed that the breach, which occurred earlier this month, allowed the attackers remote access to employee workstations and unclassified documents.
The intrusion was uncovered on December 8, when cybersecurity firm, BeyondTrust notified the Treasury of unauthorized access to a critical key used for providing remote technical support. While BeyondTrust has acknowledged the breach, it did not disclosed how the hackers obtained the key.
The Treasury enlisted the assistance of the Cybersecurity and Infrastructure Security Agency (CISA) and stated on December 30 that there is no evidence of ongoing access by the attackers. A spokesperson attributed the attack to a state-sponsored group believed to have ties to the Chinese government, though the specific group was not identified.
Michael Gwin, a spokesperson for the Treasury, reassured the public that the department continues to bolster its defenses.
“Treasury takes all threats against its systems seriously. Over the past four years, we’ve significantly strengthened our cybersecurity measures and will remain vigilant against emerging threats,” Gwin said.
The breach is the latest in a series of cyberattacks linked to Chinese state actors. Recent incidents, including attacks on U.S. telecom giants AT&T and Verizon, reportedly aimed to access private communications of high-ranking U.S. officials. A representative of the Chinese Embassy in Washington dismissed the allegations, arguing that the U.S. has provided no evidence linking the incident to China.
Philips Babatunde