A state-backed actor from China successfully breached US Treasury Department workstations earlier this month, accessing “unclassified” documents through a cloud service intrusion. The cyber intruders targeted a third-party security system, BeyondTrust, which alerted the Treasury of the breach on Dec. 8. The compromised service was subsequently taken offline and there is no evidence indicating that the threat actor still has access to Treasury systems or information. Treasury officials informed the Senate Committee on Banking, Housing and Urban Affairs about the breach in a letter reviewed by The Post.

BeyondTrust identified the breach and revealed that the “threat actor” had obtained a key needed to get remote access to the cloud service, allowing them to bypass security systems in place and access materials from Treasury workstations. The Treasury is working with various agencies and investigators, including the FBI, third-party forensic investigators, and the Cybersecurity and Infrastructure Security Agency, to address the matter. The hack has raised concerns about the Chinese hacking group Salt Typhoon, which has been linked to other high-profile hacks, including one targeting a telecommunications system that allegedly gave Beijing access to communication by top US officials.

China has a history of hacking critical government departments, including the US State and Commerce Departments. Microsoft revealed last year that a “China-based actor” had hacked into accounts affecting over two dozen organizations, further highlighting the ongoing cybersecurity threats posed by state-backed actors. Treasury Secretary Janet Yellen has made efforts to improve relations with China through diplomatic channels, including traveling to Beijing last year and earlier this year. However, trade disputes between the US and China are expected to escalate under the incoming administration of President-elect Donald Trump.

In response to the breach, Treasury officials stated that they have significantly bolstered their cyber defense over the last four years and will continue to work with public and private sector partners to protect the financial system from threat actors. The collaboration with various agencies and investigators indicates a multi-faceted approach to addressing the breach and strengthening cybersecurity measures moving forward. The Post contacted representatives for BeyondTrust and China’s embassy in the US for comment on the incident, as the implications of the breach continue to unfold and highlight the ongoing challenges posed by state-sponsored cyber threats. The hacking incident underscores the importance of ongoing vigilance and cooperation in combatting cybersecurity threats from foreign actors.
