Treasury Department responds to "major" breach linked to China

Hackers connected to China's government successfully breached several Treasury Department workstations and accessed unclassified documents, according to a letter to Congress on Monday.
Why it matters: The U.S. government is already scrambling to respond to an ongoing China-backed hack of American telecom networks that targeted several high-profile officials.
Zoom in: Aditi Hardikar, Treasury's assistant secretary for management, wrote in a letter to the Senate Banking Committee that the department was notified of a "major" cyber incident on Dec. 8.
- The hackers, whom Treasury has linked to an unspecified Chinese state-sponsored hacking group, gained access to Treasury's networks via software service provider BeyondTrust, according to the letter.
- Chinese hackers stole a key that BeyondTrust uses to "secure a cloud-based service used to remotely provide technical support" for several Treasury Department users.
- The hackers were able to leverage that access to override BeyondTrust's security controls and access unclassified documents.
- A Treasury spokesperson said in a statement to Axios that the "compromised BeyondTrust service has been taken offline" and there is "no evidence indicating a threat actor has continued access to Treasury systems or information."
Catch up quick: Several BeyondTrust customers are responding to breaches involving the cybersecurity vendor's tools.
- BeyondTrust has said that hackers targeted a "limited number" of customers using its Remote Support SaaS tool.
- The company has revoked the stolen key and notified all known impacted customers.
The big picture: China has been escalating its cyberattacks against the United States.
- Last week, a Biden administration official said the number of U.S. telcos hacked in the Salt Typhoon breach had increased to nine.
- U.S. officials have also been working with critical infrastructure organizations to kick out the Volt Typhoon group — which officials say has spent at least five years exploring vulnerabilities in routers, firewalls and VPNs to target water, transportation, energy and communications systems across the country.
What's next: Treasury said in the letter that it is actively working with the FBI, the Cybersecurity and Infrastructure Security Agency and the intelligence community to investigate the breach.
What they're saying: The Chinese Embassy in Washington, D.C., issued a media statement accusing the U.S. of "smear attacks."
- CISA referred all questions to the Treasury Department.
Editor's note: This article has been updated with comment from the Chinese Embassy in Washington, D.C.
