Chinese Hackers Breach U.S. Treasury Department, Steal Documents

Chinese state-sponsored hackers infiltrated the U.S. Treasury Department earlier this month, gaining access to unclassified documents stored on departmental workstations, according to a letter provided to lawmakers and shared with Reuters on Monday.

The breach, labeled a “major incident,” occurred after hackers compromised a third-party cybersecurity service provider, the letter revealed. Using a stolen key, the attackers bypassed security measures of a cloud-based service used for remote technical support by Treasury Departmental Offices (DO) staff. This enabled them to access and extract certain unclassified documents maintained by affected users.

The Treasury Department was alerted to the breach by cybersecurity provider BeyondTrust and has since been working closely with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the hack’s impact and mitigate potential risks.

BeyondTrust, CISA, and the FBI have yet to comment on the incident. The breach highlights ongoing vulnerabilities in U.S. government cybersecurity infrastructure and the persistent threat posed by state-sponsored hacking campaigns.

-Agency