The U.S. Treasury Department disclosed on Monday that it fell victim to a major cybersecurity breach in December, which officials have attributed to Chinese government-backed hackers.
According to a letter sent to House lawmakers, the attackers gained unauthorized remote access to Treasury employee workstations and accessed unclassified documents. The breach occurred after hackers obtained a security key from BeyondTrust, a cybersecurity vendor that provides remote technical support services to the department.
The Treasury Department was notified of the incident on December 8 by BeyondTrust. Upon discovery, the department engaged the Cybersecurity and Infrastructure Security Agency (CISA) for assistance in addressing the breach.
While the specific Chinese hacking group responsible has not been identified, the Treasury confirmed the attack originated from state-sponsored actors. By December 30, officials found no evidence suggesting the hackers maintained ongoing access to Treasury systems.
Treasury spokesperson Michael Gwin stated that the department takes all system threats seriously and has strengthened its cyber defenses over the past four years. The department continues collaborating with private and public sector partners to protect the financial system.
This incident follows a pattern of recent Chinese cyber operations targeting U.S. institutions. Previous attacks attributed to China-backed hackers known as Salt Typhoon targeted major telecommunications companies in attempts to access communications of senior government officials and presidential candidates.
The Chinese Embassy in Washington, D.C. has not responded to requests for comment on the Treasury breach.