The US Treasury Department has revealed that Chinese state-sponsored hackers successfully penetrated its systems in early December 2024, gaining access to employee workstations and unclassified documents.
The incident came to light through an official letter sent to lawmakers, marking another concerning episode in the ongoing cyber tensions between China and the United States.
“The Biden administration is blaming China for a major security breach of the U.S. Treasury Department. Elizabeth Schulze reports on the hack.”
— ABC News Live (@ABCNewsLive), December 31, 2024
Technical Details of the Breach
The infiltration occurred through a sophisticated exploitation of a third-party service provider, BeyondTrust, which offers remote technical support to Treasury employees.
According to officials, the hackers managed to override security protocols using a compromised access key.
A Treasury spokesperson detailed the timeline:
“BeyondTrust first detected suspicious activity on December 2, but it took three days to confirm the breach. We were notified on December 8.”
Scope and Impact
The department classified this as a “major incident,” with the hackers gaining access to:
- Multiple Treasury employee workstations
- Various unclassified documents
- Potential ability to create accounts or modify passwords during the three-day window
Investigation and Response
The Treasury Department has initiated a multi-agency investigation, involving:
- The Federal Bureau of Investigation (FBI)
- The Cybersecurity and Infrastructure Security Agency (CISA)
- Third-party forensic investigators
“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” Treasury officials stated in their letter to lawmakers.
Chinese Response to Allegations
The Chinese embassy in Washington, DC strongly rejected the accusations. Spokesman Liu Pengyu stated:
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.”
He added:
“The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”
Broader Context and Implications
This breach follows a pattern of high-profile cyber incidents attributed to Chinese actors, including a recent hack of telecommunications companies that potentially compromised phone records across the United States.
The Treasury Department has promised a supplemental report to lawmakers within 30 days, highlighting the ongoing nature of the investigation.
Security Measures and Future Steps
The compromised BeyondTrust service has been taken offline, and officials report no evidence of continued unauthorized access. A Treasury spokesperson emphasized:
“The Treasury Department takes very seriously all threats against our systems, and the data it holds,” indicating ongoing efforts to strengthen its cybersecurity infrastructure.
The full extent of the breach remains under investigation, particularly regarding the nature and sensitivity of the accessed files and the potential long-term implications for national security.