U.S. Treasury Confirms Major Cyberattack by Chinese Hackers Using BeyondTrust
The U.S. Treasury Department has disclosed that it was targeted by a Chinese state-sponsored “threat actor” earlier this month. The attack, which officials have labeled a “major incident,” involved hackers accessing several department workstations through a compromised third-party cybersecurity provider, BeyondTrust.
According to a letter sent to members of the Senate Committee on Banking, Housing, and Urban Affairs, the hackers managed to steal a key used by BeyondTrust to secure a cloud-based service. This service is utilized for providing remote technical support to Treasury Departmental Offices (DO) end users. With this key, the threat actor was able to override security measures, remotely access certain workstations, and gain access to unclassified documents.
The breach was first detected on December 8, after which the compromised BeyondTrust service was immediately taken offline. A Treasury spokesperson confirmed that there is currently “no evidence indicating the threat actor has continued access to Treasury systems or information.” The department has been working closely with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other intelligence community members, alongside third-party forensic investigators, to assess and mitigate the impact of the breach.
This incident marks another in a series of cyber intrusions attributed to Chinese state-sponsored actors, highlighting ongoing concerns about cybersecurity within critical U.S. government institutions. The Treasury Department has reiterated its commitment to bolstering cybersecurity defenses and protecting national financial systems from such threats.