Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124

A Chinese state-sponsored hacker broke into U.S. Treasury Department systems earlier this month and was able to gain access to employee workstations and some unclassified documents, U.S. officials said Monday.
In a letter notifying lawmakers of the breach, the Treasury described it as a “major incident”.
The US agency said it was working with the FBI and other agencies to investigate the impact of the hack.
A spokesman for the Chinese embassy in Washington told BBC News that the accusation was part of a “slanderous attack” and was made “without any factual basis”.
The Treasury Department said in its letter to lawmakers that the China-based actor was able to override security through a key used by a third-party service provider that offers remote technical support to its employees.
The compromised third-party service — called BeyondTrust — has since been taken offline, officials said. There is no evidence to suggest that the hacker has continued to access Treasury information since then, the statement continued.
The department said it worked with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact.
Officials said initial investigations suggest the hack appears to have been carried out by a “China-based Advanced Persistent Threat (APT) actor.”
“In accordance with Treasury Department policy, intrusions due to APTs are considered a major cybersecurity incident,” Treasury officials said.
The department was notified of the hack on December 8 by BeyondTrust, a spokesman told the BBC. According to the company, the suspicious activity was first noticed on December 2, but it took three days for it to determine that it had been hacked.
The spokesman said the hacker was able to remotely access several Treasury users’ workstations and some unclassified documents stored by those users.
The department did not specify the nature of those files or when or for how long the hacking took place. They also did not specify the level of confidentiality of the computer systems or the seniority of the personnel whose materials were accessed.
Hackers may have been able to create accounts or change passwords during the three days in which BeyondTrust was monitoring them.
As espionage agents, the hackers are believed to have been seeking information rather than trying to steal funds.
The spokesman said the Treasury “takes all threats against our systems and the data it holds very seriously” and that it would continue to work to protect its data from external threats.
The department’s letter said a further report on the incident would be provided to lawmakers in 30 days.
Chinese embassy spokesman Liu Pengyu denied the department’s report, saying in a statement that it could be difficult to trace the origins of the hackers.
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence and not on baseless speculation and accusations,” he said.
“The US must stop using cybersecurity to defame China and stop spreading any kind of misinformation about so-called Chinese hacking threats.”
It’s the latest high-profile and embarrassing breach in the US to be blamed on Chinese espionage hackers.
It follows another hack of telecommunications companies in December that potentially breached phone record data across large swathes of American society.