A state-sponsored hacker from China reportedly infiltrated the U.S. Treasury Department’s computer systems earlier this month. The breach allowed access to employee workstations and the theft of certain unclassified documents, according to the Treasury Department.
Treasury Labels Breach a “Major Incident”
The U.S. Treasury Department has classified the breach as a “major incident.” Officials revealed that they are collaborating with the FBI and other federal agencies to assess the full scope and impact of the hack.
How the Hack Occurred
The breach reportedly took place in early December. Hackers exploited vulnerabilities in a third-party cybersecurity provider, BeyondTrust. This company offers cloud-based services to manage technical support for Treasury Departmental Offices (DO).
Access to Sensitive Data
The Treasury Department disclosed in a letter to lawmakers that the hackers stole a key used by BeyondTrust to secure its cloud service. This allowed them to bypass the service’s security protocols.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” the letter stated.
Ongoing Investigations
The U.S. government is actively investigating the breach. Authorities aim to determine the extent of the damage and implement measures to strengthen cybersecurity defenses. This incident underscores the persistent threat of state-sponsored cyberattacks and highlights vulnerabilities in critical government systems.
