Hackers linked to China's government infiltrated several workstations at the U.S. Treasury Department and accessed unclassified documents, according to a letter the department sent to Congress. The intrusion was carried out through a third-party service provider, BeyondTrust, whose remote-support software is used by Treasury. It comes amid a wider run of China-backed intrusions targeting U.S. telecom networks and government officials.
The breach was detected on December 8, according to Aditi Hardikar, Treasury's assistant secretary for management. The attackers used a stolen API key for BeyondTrust's cloud-hosted Remote Support service; with that key they bypassed the service's security controls, remotely accessed certain Treasury workstations, and read unclassified documents held by those users. Treasury has since taken the compromised service offline and says there is no evidence of continued unauthorized access, but the incident highlights the risk that concentrates in third-party providers holding privileged access to government systems.
BeyondTrust confirmed that its Remote Support SaaS product was affected and that a limited number of customers were impacted. The company revoked the compromised key and notified affected customers. The Treasury breach joins a growing list of cyberattacks on U.S. entities and underlines a recurring lesson of outsourced technology and cloud-based services: a vendor's credentials are part of the customer's attack surface, and a single stolen key can provide remote access to every endpoint managed through that service.
China's broader cyber activity includes other significant campaigns: the Salt Typhoon intrusion, which compromised multiple U.S. telecom providers, and the Volt Typhoon group, which has spent years probing critical infrastructure systems. These campaigns focus on weaknesses in internet-facing network equipment such as routers, firewalls, and VPN appliances, putting water, energy, transportation, and communications networks at risk.
In response, Treasury is working with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and intelligence officials to investigate the intrusion and mitigate its impact. The Chinese Embassy dismissed the allegations as baseless. The incident underscores the urgency of hardening government systems and of scrutinizing the access granted to third-party technology providers.