In a stunning cyber-attack earlier this month, Chinese state-sponsored hackers gained access to the U.S. Treasury Department’s workstations and stole sensitive documents, a breach described as a “major incident.” The hack, which was discovered after a third-party cybersecurity provider’s system was compromised, exposed unclassified documents from Treasury Departmental Offices (DO).
According to a letter sent to U.S. lawmakers and obtained by Reuters, the hackers infiltrated the Treasury through a third-party service provider, BeyondTrust, which provides remote technical support to Treasury officials. By stealing a key that was used to secure cloud-based services, the hackers were able to bypass security protocols, remotely access user workstations, and extract unclassified documents.
The Treasury Department responded swiftly, collaborating with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the full scope of the damage. Although the breach affected unclassified materials, it still represents a significant compromise of sensitive government data. Both the FBI and CISA are working to evaluate the breach’s impact, although they have not yet provided specific details.
BeyondTrust, the cybersecurity provider whose key was stolen, acknowledged the breach, referring to it as a “security incident” affecting a limited number of customers. While BeyondTrust has confirmed the ongoing investigation, no further information on the breach’s depth has been revealed.
This incident comes at a time when cyber espionage is a growing concern, with China routinely denying involvement in cyber-attacks against foreign governments. As the investigation continues, questions loom over how foreign actors can exploit third-party systems to infiltrate U.S. government infrastructure.