WASHINGTON, DC, USA – The U.S. Treasury Department has revealed that a China state-sponsored hacking group carried out a cyberattack on its systems, gaining access to some workstations and unclassified documents.
The breach, attributed to an Advanced Persistent Threat (APT) actor, was facilitated through a compromised third-party cybersecurity service provider, BeyondTrust, according to a letter sent to Congress, reported on Monday, December 30, 2024.
Details of the Breach
The breach occurred earlier this month when the APT actor exploited vulnerabilities in BeyondTrust’s systems to remotely access Treasury workstations.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) was notified by Treasury after BeyondTrust identified the breach.
Treasury has since taken the compromised service offline and stated there is no evidence suggesting continued unauthorized access.
“Treasury takes very seriously all threats against our systems, and the data it holds,” a Treasury spokesperson said, adding that the department is working with law enforcement and cybersecurity agencies to assess the full impact of the breach.
Attribution to China
In its communication to the Senate Banking Committee, the Treasury Department confirmed that the attack was linked to a Chinese state-sponsored APT actor.
APTs refer to sophisticated cyber operations where attackers maintain unauthorized access to systems over extended periods, often to gather intelligence or disrupt operations.
This incident adds to a growing list of cyberattacks attributed to Chinese-linked hackers targeting U.S. government, military, and corporate entities.
Broader Context
The breach comes amid heightened tensions between the United States and China over cybersecurity.
The U.S. has repeatedly accused Beijing of backing hacking groups that target critical infrastructure, government agencies, and businesses.
- September 2023: The U.S. Justice Department disrupted a Chinese government-backed cyberattack network affecting 200,000 devices globally.
- February 2024: Authorities dismantled the “Volt Typhoon” network, which targeted public sector infrastructure such as water treatment plants and transportation systems.
- 2023 Microsoft Breach: Chinese hackers, identified as Storm-0558, breached the email accounts of 25 organizations and government agencies, including the State Department and Commerce Secretary Gina Raimondo.
China has consistently denied allegations of state-sponsored hacking, asserting its opposition to all forms of cyberattacks.
Treasury’s Next Steps
The Treasury Department has pledged to release additional details in a supplemental report and continues to collaborate with CISA, law enforcement, and intelligence agencies to safeguard the U.S. financial system.
“We are committed to protecting Treasury’s systems and the sensitive data they contain,” the spokesperson emphasised.
Growing Concerns
This latest incident underscores the persistent threat of state-sponsored cyberattacks targeting critical U.S. infrastructure and institutions.
As sophisticated hacking operations evolve, government agencies face increasing pressure to bolster cybersecurity defenses and prevent further breaches.
Congressional leaders have called for stronger measures to combat cyber threats, urging the administration to hold accountable those responsible for attacks on U.S. systems.
With tensions between the U.S. and China already strained, this breach is likely to intensify calls for action against state-sponsored cyber operations.
