Chinese state-sponsored hackers have breached computers belonging to senior US Treasury Department officials, according to sources close to the ongoing investigation. The cyber intrusion has compromised approximately 100 government computers, exposing sensitive but unclassified information.
The hackers gained access to internal documents including policy decision drafts, travel itineraries of Treasury leaders, and internal communications stored locally on affected laptops and desktops. However, the department's email system and classified networks remained secure.
The breach occurred through BeyondTrust Inc., a Georgia-based cybersecurity software provider that offers managed access services to the Treasury Department. BeyondTrust notified Treasury of the incident on December 8th after detecting unauthorized access to a security key used for cloud-based support services.
Treasury has characterized this as a "major cybersecurity incident" in a December 30th letter to Congress. The compromised BeyondTrust service has since been taken offline, with no evidence suggesting ongoing unauthorized access to Treasury systems.
The intrusion potentially exposed information about sanctions deliberations, which would be valuable intelligence for Beijing. The breach comes after Treasury Secretary Janet Yellen's April visit to China, where she warned of consequences for Chinese firms supporting Russia's military efforts.
Chinese officials deny involvement, calling the allegations "unwarranted and groundless." Investigators note that this attack appeared less sophisticated than previous campaigns attributed to Chinese state actors. The hackers seemed to opportunistically collect available data from compromised machines.
The full scope of accessed information remains under investigation as Treasury continues to assess the breach's impact. Beyond Treasury, other victims reportedly include law firms, NGOs, and additional government agencies.