Chinese-Backed Cyberattack on the U.S. Treasury Department

At the beginning of December, the U.S. Treasury Department was targeted in a cyberattack allegedly carried out by a China-backed actor.

In a letter to Congress regarding the incident, the Treasury Department confirmed the occurrence of a “significant event.”

According to reports from Anadolu Agency, the Department learned on December 8th through third-party software service provider BeyondTrust that hackers had gained access to a cloud service used for remote technical support to Treasury Department office end-users.

The hackers reportedly accessed certain workstations remotely and obtained some unclassified documents. The attack was attributed to a Chinese state-backed actor.

The U.S. Treasury Department stated it had reached out to the Cybersecurity and Infrastructure Security Agency (CISA) and was working with security forces to assess the impact of the attack.

The Department added that the compromised BeyondTrust service was taken offline, and there is no evidence suggesting that the threat actor maintained access to Treasury systems or data.

In its statement, the Department emphasized its serious approach to all threats to its systems and data, highlighting significant improvements to its cybersecurity defenses over the past four years. It further noted its ongoing collaboration with private and public sector partners to protect the financial system from threat actors.

4o