The U.S. Department of the Treasury confirmed on December 30 that a cyberattack targeting its systems was carried out on December 8, 2024, with evidence suggesting Chinese hackers may be responsible. In a letter to the Senate Committee on Banking, Housing, and Urban Affairs, Aditi Hardika, Assistant Secretary for Management at the Treasury, revealed that unauthorized access was gained to certain unclassified documents, though the breach did not extend to classified data.
According to Hardika’s letter, the attack occurred via a vulnerability in a third-party vendor service, BeyondTrust, which provides cloud-based technical support for Treasury offices. The hackers were able to steal a security key used to access the service, which then allowed them to bypass security measures and remotely access workstations of Treasury Department employees.
The Treasury’s initial notice of the breach came from BeyondTrust, which reported the suspicious activity on the affected service. A subsequent investigation revealed the scope of the intrusion, prompting immediate involvement from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other federal agencies. The breach was reported to the Senate committee after an assessment of the damage and the potential risks posed by the attack.
As the FBI investigates, initial findings indicate that the threat actor was able to access certain Treasury documents, but no evidence has emerged suggesting continued unauthorized access to the Department’s systems. The compromised BeyondTrust service has since been shut down to prevent further breaches.
In response to the allegations, China’s Foreign Ministry spokesperson, Mao Ning, denied any involvement, calling the accusations “groundless” and emphasizing that Beijing opposes all forms of hacking. “We are even more opposed to the spread of false information for political purposes,” Ning said, rejecting any responsibility for the cyberattack.
The investigation remains ongoing, with U.S. authorities working to determine the full extent of the breach and identify the perpetrators. While the FBI has not confirmed the involvement of China at this stage, the attribution to a foreign actor continues to raise concerns about the security of U.S. government systems in the face of increasing cyber threats.