Chinese state hackers blamed for a major cyber attack on U.S. Treasury
The US Treasury Department said it experienced a significant data security incident, with officials indicating that Chinese state-sponsored attackers could be responsible for the same.
In a data security incident notice, Aditi Hardikar, Assistant Secretary for Management at the U.S. Department of the Treasury, said that December 8, the department was notified about a data security incident by one of its third-party software service providers, BeyondTrust.
According to BeyondTrust, an unauthorised party gained access to a key used by the company to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.
Using the stolen key, the unauthorised party was able to override the service’s security, remotely access certain user workstations, and access certain unclassified documents maintained by Treasury department workers.
Immediately after identifying the security incident, BeyondTrust took the affected service offline and launched an investigation to determine the scope of the incident. Initial investigations found “no evidence indicating the threat actor has continued access to Treasury information.”
“The investments we have made using discretionary appropriations provided under the Cybersecurity Enhancement Account (CEA) have helped ensure we have strong incident processes and access to detailed logs to support our incident response efforts,” it said.
The Department of the Treasury says it is working with external cyber security experts along with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Intelligence Community to determine the overall impact of the incident.
“CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the department said.
“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” it added.
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543