US Treasury says was targeted by China state-sponsored cyberattack

THE US Treasury Department said on Monday (Dec 30) that a China state-sponsored actor was behind a cyber breach resulting in access to some of its workstations, according to a letter to Congress seen by AFP.

The incident happened earlier this month, when the actor compromised a third-party cybersecurity service provider and was able to remotely access the Treasury workstations and some unclassified documents, a Treasury spokesperson added.

Treasury contacted the US Cybersecurity and Infrastructure Security Agency after it was alerted to the situation by its provider BeyondTrust, and has been working with law enforcement partners to ascertain the impact.

“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” the department’s spokesperson said.

In its letter to the leadership of the Senate Banking Committee, the Treasury said: “Based on available indicators, the incident has been attributed to a China state-sponsored advanced persistent threat (APT) actor.”

An APT refers to a cyberattack where an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time.

BT in your inbox

Start and end each day with the latest news stories and analyses delivered straight to your inbox.

Sign Up

Sign Up

The department did not provide further details on what was affected by the breach, but said more information would be released in a supplemental report at a later date.

“Treasury takes very seriously all threats against our systems, and the data it holds,” the Treasury spokesperson added.

The official said that the department would continue working to protect the US financial system from threats.

SEE ALSO

AT&T, Verizon say networks now clear after Salt Typhoon hack

US plans more actions against China over telecom hack

Hackers hijack a wide range of companies’ Chrome extensions: experts

Japan Airlines says systems restored after cyberattack

Japan, US blame North Koreans for US$300 million crypto theft

Losses from crypto hacks jump to US$2.2 billion in 2024: report

US considers ban on China’s TP-Link over security concerns: WSJ

Chinese cybersecurity firm sanctioned, employee charged by US

Chinese hackers breached eight US telecom providers: White House

More

Alarm over hacks

Several countries, notably the United States, have voiced alarm in recent years at what they say is Chinese government-backed hacking activity targeting their governments, militaries and businesses.

Beijing rejects the allegations, and has previously said that it opposes and cracks down on all forms of cyberattacks.

In September, the US Justice Department said it had neutralised a cyberattack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.

In February, US authorities also said they had dismantled a network of hackers known as “Volt Typhoon”.

The group was said to be targeting key public sector infrastructure such as water-treatment plants and transportation systems at the behest of China.

In 2023, tech giant Microsoft said Chinese-based hackers seeking intelligence information breached the e-mail accounts of a number of US government agencies.

The group, Storm-0558, had breached e-mail accounts at approximately 25 organisations and government agencies.

Accounts belonging to the State Department and Commerce Secretary Gina Raimondo were among those hacked in that breach. AFP