Recently, hackers believed to be sponsored by the Chinese government breached the United States Treasury Department and stole unclassified documents from Treasury workstations. The breach was accomplished by compromising a third-party cybersecurity service provider, which allowed the hackers to override security measures and access important documents maintained by Treasury Departmental Offices.
The Treasury Department has labeled this a “major incident” and is taking it very seriously. It was made aware of the breach on December 8 by the cybersecurity provider, BeyondTrust, and has since taken the compromised service offline. The department is currently working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact of the hack.
In a letter to the US Senate Banking Committee, the Treasury Department directly attributed the attack to a China state-sponsored Advanced Persistent Threat (APT) actor. An APT attack is a type of cyberattack in which the hacker maintains access to a target for an extended period without being detected.
This breach comes at a sensitive time, as the US awaits the inauguration of President-elect Donald Trump. Trump has been vocal about his stance on China, threatening trade wars and tariffs over issues such as the flow of the opioid fentanyl into the US. Both Republicans and Democrats have warned about the cybersecurity threats posed by China.
In response to previous cyber incidents involving China, the US Justice Department recently stopped a cyberattack network run by Chinese-backed hackers and sanctioned a Chinese cybersecurity firm and researcher over a 2020 attack on company firewalls. China has denied any involvement in such attacks and says it opposes all forms of cyberattacks.