The U.S. Treasury Department told lawmakers in a letter Monday that it suffered a cyberattack in early December that it blamed on hackers from the Chinese government.
In a letter shared with senior members of the U.S. House of Representatives and seen by TechCrunch, the Treasury Department said the hackers gained remote access to certain workstations of Treasury Department employees and accessed unclassified documents, calling it a “critical It is called a “cybersecurity incident.”
The Treasury Department reported on December 8 from BeyondTrust, a company that provides identity access and remote support technology to large organizations and government agencies, that hackers “gained keys used by the vendor” to provide remote access technology support. '', he said. Ministry of Finance official. BeyondTrust disclosed the incident at the time, but did not say how the key was obtained.
A spokesperson for BeyondTrust did not respond to a request for comment as of press time.
The department has requested assistance from the U.S. cybersecurity agency CISA, and as of Dec. 30, “there is no evidence that threat actors continue to access Treasury information,” according to the letter.
In a letter, the Treasury Department confirmed that the breach was the work of a Chinese state-led advanced persistent threat group and indicated the support of the Chinese government. It is not clear which group is behind the breach, and a spokesperson did not say so.
Treasury spokesman Michael Gwinn said in a brief statement that the hackers were able to “remotely access the workstations of multiple Treasury Department users and certain non-classified documents controlled by those users.”
“Treasury takes all threats to our systems and the data stored on them very seriously. Over the past four years, Treasury has significantly strengthened our cyber defenses and will continue to “We continue to work with our public sector partners to protect the financial system from threat actors,” the spokesperson said.
This is the latest China-linked cyberattack to target the U.S. government in recent months. A Chinese-backed hacker group known as Salt Tycoon has launched a series of cyberattacks targeting U.S. phone companies and internet giants such as AT&T and Verizon in an attempt to gain access to the private communications of U.S. government officials, including presidential candidates. I was behind it.
A spokesperson for the Chinese embassy in Washington, D.C., did not immediately respond to a request for comment.