China-Backed Hackers Breach US Treasury Workstations in Major Cyberattack
On Monday, December 30, 2024, the US Treasury Department confirmed a significant cyberattack by Chinese state-sponsored hackers. Officials described the breach as a “major incident,” raising alarms about national cybersecurity vulnerabilities.
In a letter to lawmakers, Treasury officials revealed that on December 8, a third-party software provider detected unauthorized access to Treasury workstations. Hackers reportedly used a stolen key to remotely access unclassified documents and systems. The incident was linked to an Advanced Persistent Threat (APT) group backed by the Chinese government.
A Treasury spokesperson said that the compromised software has been taken offline. The Cybersecurity and Infrastructure Security Agency (CISA) and law enforcement agencies are actively investigating. Officials emphasized that there is no evidence the hackers still have access to Treasury systems.
The breach was traced back to a third-party vendor, BeyondTrust, which provides technical support services. On December 2, BeyondTrust detected suspicious activity in its Remote Support product. After confirming the breach on December 5, the company began notifying affected customers by December 8. The vendor has since quarantined affected systems and hired an external cybersecurity team to assist with the investigation.
Although the exact number of affected Treasury workstations remains unclear, officials confirmed that “several” were accessed. According to Treasury policy, such intrusions are classified as “major cybersecurity incidents,” requiring detailed reporting and follow-ups within 30 days.
A classified briefing for House Financial Services Committee staffers is planned for next week to address the breach’s scope and ongoing mitigation efforts.
Authorities, including the FBI, US intelligence agencies, and CISA, continue to work with forensic experts to understand the full impact of the breach. BeyondTrust assured stakeholders that no other products were compromised and pledged full cooperation with ongoing investigations.
This breach underscores the persistent threat posed by state-sponsored cyberattacks and highlights the critical need for robust cybersecurity measures across government systems.