The Treasury Department said in a letter to lawmakers that a China-based attacker was able to disable security using keys used by a third-party service provider. That provider's application offers remote technical support to the department's employees.
The compromised third-party service, called BeyondTrust, has since been taken offline, officials said. There was no evidence to suggest that the hackers continued to access Treasury information since then, the statement continued.
The department said it is working with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact.
Officials said an initial investigation suggested the hack was likely carried out by a “China-based Advanced Persistent Threat (APT) actor.”
“In accordance with Treasury policy, the APT intrusion is considered a major cybersecurity incident,” a Treasury official said.
A spokesperson told the BBC that the department was informed of the hack by BeyondTrust on December 8. The company said the suspicious activity was first noticed on December 2, but it took three days for the company to determine it had been hacked.
A spokesperson said the hackers were able to remotely access the workstations of multiple Treasury Department users and some non-classified documents held by those users.
The department did not disclose the nature of these files or when or for how long the hack occurred. Nor did it specify the level of confidentiality of the computer system or the seniority of the staff who had access to the material.
The hackers may have been able to create accounts and change passwords during the three days they were monitored by BeyondTrust.
As espionage agents, the hackers are believed to have been seeking information rather than trying to steal funds.
The spokesperson said the Treasury Department “takes all threats to our systems and the data they hold very seriously” and will continue to work to protect data from external threats.
The department’s letter states that a supplementary report on the incident will be provided to lawmakers within 30 days.
Chinese Foreign Ministry spokesperson Mao Ning denied the US claims at a press conference, saying, “We have repeatedly expressed our position on baseless accusations lacking evidence.
“China consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes.”
Earlier, a spokesperson for the Chinese embassy in Washington DC told BBC News the accusations were part of a “smear attack” and had “no basis in fact”.
“The United States needs to stop using cybersecurity to slander and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat,” embassy spokesperson Liu Pengyu said.
This is the latest high-profile and embarrassing US breach attributed to Chinese espionage hackers.
This follows a hack in December of a telecommunications company that may have compromised call log data across large swathes of American society.