Chinese state-sponsored hackers breached the US Treasury Department’s computer security and stole documents in a “major incident,” according to a letter to lawmakers.
The letter said the hackers breached third-party cybersecurity provider BeyondTrust. The attackers gained access to a key used by the vendor to secure the Treasury Department’s cloud-based remote technical support service. As a result, they were able to gain remote access to certain Treasury Department user workstations and unclassified documents.
The Treasury Department claimed it was alerted to the BeyondTrust hack on 8 December. However, a spokesman for the Chinese Embassy in Washington denied any responsibility for the hack, stating that Beijing “firmly opposes the US’s smear attacks against China without any factual basis.”
A BeyondTrust spokesperson said the company “previously identified and took measures to address a security incident in early December 2024.” The spokesperson referred to the company’s announcement on 8 December that the digital key had been compromised.
However, Tom Hegel, a threat researcher at cybersecurity company SentinelOne, argued that the incident “fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services.” He used an acronym for the People’s Republic of China.