Chinese hackers breached several computers at the U.S. Department of the Treasury and gained access to unclassified documents via a third-party software program used by the department, officials announced on Monday.
The Treasury Department did not provide details about how many computers were affected or which documents the hackers might have accessed, but in a letter informing lawmakers about the incident, it emphasized that “there is currently no evidence indicating that the hackers have continued to access Treasury information.” According to the letter, the incident is being investigated as a “major cybersecurity event.”
“The Treasury takes all threats to its systems and the data they store very seriously,” said a department spokesperson in the statement. “Over the past four years, the Treasury has strengthened its cybersecurity protections and will continue to work with partners in both the private and public sectors to protect our financial system from adversaries.”
In Beijing, a spokesperson for the Ministry of Foreign Affairs provided the standard response China gives to allegations of cyber intrusion.
“We have reiterated our position on such baseless accusations, which lack evidence,” said spokeswoman Mao Ning during a daily press briefing. “China consistently opposes all forms of cyber intrusion and rejects the dissemination of false information against China for political purposes.”
The incident comes as U.S. officials continue to deal with the fallout from China’s large-scale counterintelligence campaign, known as ‘Salt Typhoon,’ which granted Beijing officials access to private messages and phone conversations of an unknown number of Americans. A senior White House official said on Friday that the number of telecommunications companies affected by this cyber intrusion has now reached nine.
The Treasury Department said it identified the recent problem on December 8, when the company ‘BeyondTrust,’ which provides a software service, reported that hackers had stolen a code “used by the client to secure a service that stores data in a database and is used remotely to offer technical assistance” to employees. This code enabled hackers to bypass the security of the service and infiltrate the computers of several employees.
Since that day, the compromised service has been removed from use, and there is no evidence to suggest that the hackers still have access to the department’s information, wrote Treasury Deputy Secretary Aditi Hardikar in a letter to the Senate Banking Committee on Monday.
The department said it is working with the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA), as well as other parties, to investigate the consequences of the cyber intrusion, and that responsibility for the breach has been attributed to state-sponsored Chinese actors. No further details have been provided.