Beijing has responded to allegations that a Chinese state-sponsored actor was behind a cyber breach at the US Treasury Department, calling the claims “baseless.”
The breach was orchestrated through a third-party cybersecurity service provider. Hackers were able to gain access to a key used by the vendor to override certain parts of the system, according to a letter the Treasury department sent to lawmakers on Monday and which was reviewed by The Guardian.
According to the Treasury, the incident occurred earlier this month, when the actor was able to remotely access workstations and some unclassified documents.
On Tuesday, China denied the allegations and the Foreign Ministry said Beijing “has always opposed all forms of hacker attacks, and we further oppose the spread of false information against China for political purposes.”
“We have expressed our position many times on unfounded accusations lacking evidence,” said Foreign Ministry spokesman Mao Ning.
Treasury contacted the U.S. Cybersecurity and Infrastructure Security Agency after being alerted to the situation by the third-party vendor and has been working with authorities to determine the impact.
“The compromised service… has been disconnected and there is no evidence to indicate that the threat actor has continued to access Treasury systems or information,” the department spokesperson said.
In its letter to Senate banking committee leaders, Treasury said: “Based on available indicators, the incident has been attributed to a state-sponsored Advanced Persistent Threat (APT) actor from China.”
An APT refers to a cyber attack in which an intruder establishes and maintains unauthorized access to a target, undetected for an extended period of time.
The department did not provide further details about what was affected by the breach, but said more information would be released in a supplemental report at a later date.
“Treasury takes all threats to our systems and the data it holds very seriously,” the spokesperson added.
Several countries, particularly the United States, have expressed alarm in recent years over what they say is Chinese government-backed hacking activity targeting their governments, militaries and companies.
Beijing rejects the allegations and has previously said it opposes and cracks down on all forms of cyberattacks.
In September, the US Department of Justice said it had neutralized a cyberattack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.
In February, US authorities also said they had dismantled a hacking network known as “Volt Typhoon.”
The group was said to target key public sector infrastructure, such as water treatment plants and transportation systems, at the behest of China.
In 2023, tech giant Microsoft said that China-based hackers seeking intelligence information breached the email accounts of several US government agencies.
The group, Storm-0558, had breached email accounts at approximately 25 organizations and government agencies.
Accounts belonging to the State Department and Commerce Secretary Gina Raimondo were among those hacked in that breach.