WASHINGTON (AP) — Chinese hackers remotely accessed several workstations and unclassified documents at the U.S. Treasury Department after compromising a third-party software service provider, the agency said Monday.
The department did not provide details on how many workstations were accessed or what types of documents the hackers may have obtained, but said in a letter to lawmakers disclosing the breach that “there is no evidence at this time to indicate that the threat actor is continued access to information from the Ministry of Finance.” It says the hack is being investigated as a “major cybersecurity incident.”
“The Treasury Department takes all threats against our systems and the data they contain very seriously,” a ministry spokesperson said in a separate statement. “Over the past four years, the Treasury Department has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from threat actors.”
The revelation comes as U.S. officials continue to grapple with the fallout from a massive Chinese cyberespionage campaign known as Salt Typhoon, which gave officials in Beijing access to private texts and phone calls of an unknown number of Americans. A top White House official said Friday that the number of telecommunications companies confirmed to have been affected by the hack had now risen to nine.
The Treasury Department said it became aware of the problem on December 8, when a third-party software services provider, BeyondTrust, flagged that hackers had stolen a key “used by the vendor to secure a cloud-based service it uses to provide remote technical support. to employees. That key helped the hackers bypass the service’s security and gain remote access to several employee workstations.
The compromised service has since been taken offline and there is no evidence the hackers still have access to department information, Aditi Hardikar, an assistant secretary of the Treasury, said in a letter to Senate Banking Committee leaders on Monday.
The department said it was working with the FBI, the Cybersecurity and Infrastructure Security Agency and others to investigate the impact of the hack, and attributed the hack to Chinese state-sponsored perpetrators. It was not elaborated.
