Chinese Hackers Access Treasury Data Through Security Vendor Breach

Hackers linked to the Chinese government have infiltrated the U.S. Treasury Department, stealing unclassified documents in what officials are calling a “major incident.” The breach was facilitated by a vulnerability in third-party vendor BeyondTrust’s cloud-based support service.

The attackers exploited a compromised digital key to override security protocols and gain remote access to Treasury workstations. The breach allowed them to retrieve unclassified data stored on the compromised systems.

Treasury officials were informed of the incident on December 8 by BeyondTrust. The department has since worked with federal agencies, including the FBI and CISA, to investigate the breach and secure its systems. “Treasury takes very seriously all threats against our systems,” officials said in a statement.

Cybersecurity researchers suggest the attack fits the profile of operations linked to Chinese state-sponsored groups. SentinelOne’s Tom Hegel noted that exploiting third-party services has become a preferred tactic for such groups.

China’s embassy in Washington has rejected the accusations, calling them baseless. BeyondTrust acknowledged a recent security breach affecting its remote support software and stated that an investigation is ongoing.

The compromised service has been shut down, and officials believe there is no further risk of unauthorized access at this time.