State-sponsored hackers from China have infiltrated the U.S. Treasury Department, stealing unclassified documents in what officials describe as a “major incident.” The breach, disclosed in a letter to lawmakers, highlights vulnerabilities in third-party cybersecurity providers.
Hackers gained access through BeyondTrust, a cybersecurity vendor used by the Treasury Department. By compromising a key associated with BeyondTrust’s cloud-based technical support service, the hackers bypassed security protocols, enabling remote access to Treasury workstations and documents.
Shocking claims of US Treasury hack by China raise more questions than answers, especially given the suspicious timing. pic.twitter.com/QpOt2NCPCC
— Truthful Voice (@webheraldnet) December 30, 2024
The Treasury Department learned of the breach on December 8 after being notified by BeyondTrust. Officials have since worked with the FBI and CISA to evaluate the extent of the damage. “Treasury takes very seriously all threats against our systems and the data it holds,” the department stated, noting efforts to strengthen cyber defenses over the last four years.
SHOCKING: 🇨🇳 China Allegedly Hacks US Treasury in Massive Cyberattack – FBI Launches Urgent Probe
What do you think this means for US-China relations? 🤯 pic.twitter.com/5EKpOjhdGI
— Nyke Nakamoto (@Nyke_Nakamoto) December 30, 2024
Cybersecurity experts suggest the breach aligns with tactics frequently employed by Chinese hacking groups. Tom Hegel, a researcher at SentinelOne, pointed out that exploiting third-party services is a well-documented method used by groups linked to the People’s Republic of China.
BREAKING: China hacked the U.S. Treasury Department, gaining access to workstations and documents – NYT
I bet their login credentials were extremely secure…like “guest” or “password1.” pic.twitter.com/KkGoUJr5Kj
— Chad Prather (@WatchChad) December 30, 2024
Chinese officials have denied responsibility, accusing the U.S. of making baseless accusations. Meanwhile, BeyondTrust has acknowledged a security incident involving its remote support software, stating that a compromised digital key affected a limited number of clients.
BREAKING: CHINA HACKS THE US TREASURY DEPARTMENT
THE TIME TO DITCH THE DOLLAR IS NIGH pic.twitter.com/q3DVC2uRvp
— Aaron Day (@AaronRDay) December 30, 2024
The compromised service has been taken offline, and officials believe the hackers no longer have access to additional Treasury systems.
“⚡️ US Treasury claims China hacked ‘some of its workstations.’
Apparently the Chinese hackers found ‘Top 5 ways to raise the National Debt’ in a locked folder.”
– @RT_com pic.twitter.com/RJpOqK4d7X
— George Weah MDAV∆♛🍷🇳🇬 (@marinelo_dav) December 30, 2024
https://twitter.com/AzoreLure/status/1873837331880567200