Chinese state-sponsored hackers broke into the U.S. Treasury Department earlier this month and accessed several employee workstations and unclassified documents, according to an agency spokesperson.
The breach was orchestrated through a third-party cybersecurity services provider, BeyondTrust. Hackers were able to gain access to a key used by the vendor to override certain parts of the system, according to a letter the Treasury department sent to lawmakers on Monday and which was reviewed by The Guardian.
“The compromised BeyondTrust service has been taken offline and there is no evidence to indicate that the threat actor continued to have access to Treasury systems or information,” the Treasury Department spokesperson said.
The attack comes amid reports that Chinese state-sponsored actors also breached three of the largest U.S. telecommunications companies earlier this month. During that breach, called Salt Typhoon, cybercriminals were able to access lawmakers’ phone calls and text messages. Lawmakers across the political spectrum condemned the attack.
Following the BeyondTrust alert, the Treasury Department contacted the Cybersecurity and Infrastructure Security Agency (Cisa), the Federal Bureau of Investigation, and third-party forensic investigators to determine the impact of the incident. The Treasury Department said more details will be provided in a 30-day supplemental report.
“Treasury takes all threats to our systems and the data it holds very seriously,” the spokesperson said. “Over the past four years, the Treasury has significantly strengthened its cyber defense and we will continue to work with public and private sector partners to protect our financial system from threat actors.”
BeyondTrust said on its website that it had recently identified a security incident involving a limited number of customers of its remote support software. The statement said that a digital key had been compromised in the incident and that an investigation was underway.
A spokesperson for the Chinese embassy in Washington rejected any responsibility for the attack in a response to Reuters, saying Beijing “firmly opposes the United States’ defamatory attacks on China without any factual basis.”