Chinese hackers gained remote access to several U.S. Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency said Monday.
The department did not provide details on how many workstations were accessed or what types of documents the hackers may have obtained, but said in a letter to lawmakers disclosing the breach that “there is no evidence at this time to indicate that the threat actor is continued access to information from the Ministry of Finance.” It says the hack is being investigated as a “major cybersecurity incident.”
“The Treasury Department takes all threats against our systems and the data they contain very seriously,” a ministry spokesperson said in a separate statement. “Over the past four years, the Treasury Department has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from threat actors.”
TRENDING STORIES:
The Treasury Department said it learned of the problem on December 8, when service provider BeyondTrust reported that hackers had stolen a key “used by the vendor to secure a cloud-based service used to provide remote technical support.” ” to employees. That key helped the hackers bypass the service’s security and gain remote access to several employee workstations.
BeyondTrust is based in Johns Creek and says on its website that it “fights every day to secure identities, intelligently remediate threats and provide dynamic access to strengthen and protect organizations around the world.”
The revelation comes as U.S. officials continue to grapple with the fallout from a massive Chinese cyberespionage campaign known as Salt Typhoon, which gave officials in Beijing access to private texts and phone calls of an unknown number of Americans. A top White House official said Friday that the number of telecommunications companies confirmed to have been affected by the hack had now risen to nine.
The compromised service has since been taken offline and there is no evidence the hackers still have access to department information, Aditi Hardikar, an assistant secretary of the Treasury, said in a letter to Senate Banking Committee leaders on Monday.
The department said it was working with the FBI, the Cybersecurity and Infrastructure Security Agency and others to investigate the impact of the hack, and attributed the hack to Chinese state-sponsored perpetrators. It was not elaborated.
The Associated Press contributed to this article.
