Computers down in the US Treasury...

By Miko Keen 

Financial Times Inspired Content

A cybersecurity breach, attributed to a state-sponsored Chinese actor, has compromised the United States Department of the Treasury, as revealed in an official statement on Monday. The incident, facilitated via a third-party service provider, has been classified by the Treasury Department as a “major cybersecurity incident.”

In correspondence addressed to the Senate Banking Committee, accessed by the Financial Times, the Treasury disclosed that it had been alerted to the breach on December 8 by the software company BeyondTrust. The attacker reportedly exploited a security key to gain unauthorized access to several remote government workstations, ultimately retrieving unclassified documents stored within these systems.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter stated, highlighting that Treasury policy categorizes APT-related intrusions as significant security events.

The Treasury Department has since partnered with the Federal Bureau of Investigation (FBI) and other intelligence community entities to determine the scope and ramifications of the breach. Preliminary findings suggest that the threat actor no longer maintains access to Treasury systems or data.

A spokesperson for the Treasury reaffirmed the department’s dedication to protecting its infrastructure and data, stating, “We take all threats to our systems and the data we hold very seriously.” The spokesperson further emphasized the importance of ongoing collaboration with private and public sector partners to address evolving cybersecurity challenges.

Responding to the allegations, Liu Pengyu, a representative of the Chinese Embassy in Washington, remarked:
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.” Liu additionally urged the United States to refrain from using cybersecurity as a justification to malign China and to avoid spreading disinformation about purported Chinese hacking activities.

This breach represents the most recent in a series of cybersecurity incidents allegedly linked to Chinese actors targeting U.S. entities. In October, the Biden administration launched an investigation into unauthorized access to commercial telecommunications infrastructure, which both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) attributed to individuals associated with the People’s Republic of China (PRC). Reports suggested these actors targeted the devices of then-President-elect Donald Trump and his running mate, J.D. Vance, during the U.S. election period.

Highlighting the seriousness of these concerns, the U.S. Department of Commerce in September proposed measures to limit China’s access to sensitive American data, including a ban on Chinese software and hardware in vehicles equipped with internet connectivity.