U.S. Treasury confirms it was breached by China-backed hackers

According to a letter from the US Treasury Department to lawmakers revealed on Monday, December 30, Chinese hackers successfully infiltrated the department’s systems and stole government documents this month.

The violation, first reported by Reutersalso highlights another case of state-sponsored cyber espionage targeting US government employees – moments later AT&T and Verizon have finally dealt with Salt Typhoon. In a statement to Senator Sherrod Brown, chairman of the Committee on Banking, Housing and Urban Affairs, the Treasury confirmed that the attack took place in December.

In the letter, the department states that the breach was reported by a third-party cybersecurity vendor, BeyondTrust, which discovered that attackers had compromised a key used to secure a cloud-based service. This service was integral to providing remote technical support to end users in the department’s offices.

“With access to the stolen key, the threat actor was able to [to] override the security of the service, remotely access certain workstations of Treasury DO users, and access certain unclassified documents maintained by those users,” the letter reads.

The Treasury revealed that it was alerted to the breach on December 8 and is collaborating with the FBI and the US Cyber ​​Security and Infrastructure Agency (CISA) to assess the scope of the incident. Reuters reports that the FBI has not yet responded to requests for comment, while CISA has redirected questions to the Treasury.