Chinese hackers breached U.S. Treasury in “major cybersecurity incident”

A state-sponsored Chinese hacking operation targeting a third-party software service provider resulted in the access of several workstations at the U.S. Department of the Treasury, according to a Treasury official. The hackers were able to access unclassified documents in what is being described as a “major cybersecurity incident.”

The Department of the Treasury was notified of the breach on December 8, stated a letter sent to lawmakers by Assistant Secretary of the Treasury for Management Aditi Hardikar, according to NBC News.

BeyondTrust, a software access management provider, informed the Treasury that “a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” according to Hardikar’s letter.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” Hardikar said, according to The New York Times. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”

The “threat actor” was able to override security measures and gain access to departmental office user workstations, NBC News reported. The accessed information consisted of unclassified documents.

The letter also stated that the U.S. Treasury is working with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and “third-party forensic investigators” to assess the impact of the hacking.