US Treasury Says China-Backed Hackers Conducted Major Cyberattack

Chinese hackers have been accused of launching a cyberattack against the U.S. Treasury, accessing sensitive documents in a major security breach.

At a Glance

  • Chinese government-backed hackers are accused of breaching U.S. Treasury Department workstations.
  • The alleged attackers exploited a third-party provider, BeyondTrust, to gain access.
  • Unclassified documents were retrieved, but the compromised service has been taken offline.
  • The Treasury is working with intelligence agencies and cybersecurity partners to address the threat.
  • China denies involvement, accusing the US of spreading disinformation.

Chinese Hackers Breach US Treasury Systems

In a disturbing development that underscores the ongoing cyber threats to our national security, the US Treasury Department has reported a significant breach of its systems, allegedly by Chinese government-aligned hackers. The attack, which came to light on December 8, 2024, involved the compromise of a third-party provider called BeyondTrust, allowing the hackers to access Treasury workstations and retrieve unclassified documents.

The breach has been classified as a major incident, highlighting the seriousness of the situation. According to reports, the hackers obtained a key used to secure a cloud-based service, which they then used to bypass security measures and infiltrate Treasury systems. While the full extent of the breach is still being assessed, officials have stated that the compromised service has been taken offline, and there is currently no evidence of continued unauthorized access.

Treasury’s Response and Enhanced Cybersecurity Measures

In response to this alarming breach, the Treasury Department has taken swift action to bolster its defenses and investigate the full scope of the intrusion. Officials have emphasized that the department has significantly enhanced its cyber defenses over the past four years and is working closely with both private sector partners and other government agencies to protect its systems from future attacks.

The Treasury is in close contact with the intelligence community, the FBI, and the Cybersecurity and Infrastructure Security Agency regarding the breach. This coordinated effort demonstrates the seriousness with which our government is treating this cyber intrusion and the determination to prevent similar incidents in the future.

China’s Denial and Ongoing Cybersecurity Concerns

The Chinese government has vehemently denied any involvement in the cyberattack. A spokesperson for the Chinese embassy in Washington went so far as to accuse the United States of engaging in smear tactics and spreading disinformation about alleged Chinese hacking threats.

“The U.S. needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,” spokesperson Liu Pengyu said.

Despite these denials, the Treasury Department has attributed the attack to a China state-sponsored Advanced Persistent Threat (APT) actor. This incident follows a pattern of increasing cyber aggression from China, including recent intrusions into U.S. telecommunications systems linked to a group known as Salt Typhoon.

Implications for National Security and US-China Relations

The Treasury breach comes at a time of heightened tensions between the United States and China, with cybersecurity being a significant point of contention. President Biden reportedly raised the issue of hacking with Chinese President Xi Jinping during their recent meeting at the APEC Summit, underscoring the importance of this issue in bilateral relations.

The Treasury Department has promised a supplemental report on the incident within 30 days, which should provide more insight into the attack and the steps being taken to prevent future intrusions.
