According to the US Treasury Department, it is still collaborating with law enforcement to determine the extent of the incident.
In a letter to Congress obtained by the AFP news agency, the US Treasury Department said that a “China state-sponsored” actor was responsible for a cyberattack that gained access to some of its workstations.
According to a Treasury spokeswoman on Monday, the incident occurred earlier this month when the actor gained remote access to the Treasury workstations and certain unclassified documents after breaching a third-party cybersecurity service provider.
Following notification from its provider BeyondTrust, Treasury reached out to the US Cybersecurity and Infrastructure Security Agency, which has been collaborating with law enforcement partners to determine the implications.
“The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a representative for the department stated.
According to the Treasury’s letter to the Senate Banking Committee’s leadership, “Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.”
An advanced persistent threat (APT) is a cyberattack in which a hacker gains and sustains unauthorized access to a target while evading detection for an extended length of time.
The government stated that further information would be made public in a supplemental report at a later time, but it did not elaborate on what was impacted by the breach.
“Treasury takes very seriously all threats against our systems, and the data it holds,” the Treasury spokeswoman continued.
According to the spokeswoman, the government will continue its efforts to defend the US financial system against threats.
Concern over hacks
In recent years, a number of nations—most notably the United States—have expressed concern about what they claim is cyber activity supported by the Chinese government that targets their governments, militaries, and corporations.
Beijing denies the accusations and has stated in the past that it opposes and combats cyberattacks in all their forms.
The US Justice Department said in September that it had taken down a cyberattack network that impacted 200,000 devices globally and that hackers with Chinese government support were behind it.
In February, US police also claimed to have taken down a cyber network called “Volt Typhoon.”
According to reports, the group was acting at China’s request to attack important public sector infrastructure, such as transportation and water treatment facilities.
The IT behemoth Microsoft claimed in 2023 that several US government organizations’ email accounts had been compromised by Chinese hackers looking for intelligence data.
The group Storm-0558 had compromised email accounts belonging to about 25 government agencies and organizations.
Among the compromised accounts were those of Gina Raimondo, the secretary of commerce, and the State Department.