
Hackers affiliated with the People’s Republic of China (PRC) infiltrated laptops belonging to senior officials at the US Treasury Department during a cyberattack last month. According to reports, the attackers accessed locally stored, unclassified materials, raising concerns about the security of sensitive federal information.
The breach, first disclosed in December, was carried out through BeyondTrust, a third-party cybersecurity vendor contracted by the Treasury and other federal agencies. According to Bloomberg News, which cited a US official and another person familiar with the matter, the attackers used a stolen API key to access employee workstations, compromising around 100 government computers. The accessed data reportedly included draft policy documents, travel itineraries, and internal communications. Classified systems and Treasury email accounts remained unaffected, according to reports.
Investigations revealed that the attackers targeted high-profile divisions, including the Office of Foreign Assets Control (OFAC), which oversees economic sanctions, the Office of the Treasury Secretary, and the Office of Financial Research. The Washington Post noted that these offices are critical to the Treasury’s operations, amplifying the breach’s significance.
Earlier this week, the Treasury Department classified the cyberattack as a “major incident” in a letter to the Senate Committee on Banking, Housing, and Urban Affairs. The letter triggered bipartisan scrutiny, with Senator Tim Scott (R-SC) and Rep. French Hill (R-AR) demanding a briefing from Treasury Secretary Janet Yellen by January 10 to detail the breach and outline preventative measures. The lawmakers emphasized the Treasury’s role as a custodian of sensitive information, including tax records and suspicious activity reports, making the breach particularly alarming.
BeyondTrust announced in a public statement that it had revoked the compromised API key and patched the vulnerability responsible for the attack. The company, which holds over $4 million in federal contracts with departments such as Defense, Veterans Affairs, and Justice, reiterated its commitment to strengthening security protocols.
The PRC, meanwhile, denied involvement, dismissing the allegations as baseless. A spokesperson from Beijing described the claims as a “smear attack against China without any factual basis.”
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543