(Bloomberg) — The U.S. Treasury Department was hacked by a Chinese state-sponsored actor through a third-party software service provider, according to a letter the agency sent to Congress on Monday.
The Treasury Department described the breach as a “major cybersecurity incident” because it was attributed to a state-sponsored actor, according to the letter, which was reviewed by Bloomberg News.
The Treasury Department was notified on December 8 by a third-party software vendor, BeyondTrust Inc., that a hacker had gained access “to a key used by the vendor to secure a cloud-based service used to… to provide remote technical support to the ministries of the Ministry of Finance (DO) end users,” the letter said.
The department is being assisted by the Cybersecurity and Infrastructure Security Agency, the FBI, the intelligence community and external forensic investigators.
Based on the available information, sophisticated hackers linked to China were behind the incident, according to the letter.
The Chinese embassy in Washington opposes U.S. “slander attacks against China without any factual basis,” according to an emailed statement. “The US must stop using cybersecurity to smear and defame China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat,” the statement said.
BeyondTrust, which sells managed access software and other cybersecurity products, has contracts with the federal government worth more than $4 million, according to government data compiled by Bloomberg. The data shows that in addition to the Treasury Department, BeyondTrust also does business with the Department of Defense, the Department of Veterans Affairs and the Department of Justice, along with other agencies.
A BeyondTrust spokesperson said Monday evening that a limited number of customers were affected, notified and offered support. The spokesperson added that police had been contacted and the company was supporting the investigation.
The Department of Defense, Department of Justice and Department of Veterans Affairs did not immediately respond to separate requests for comment.
The hacker was able to remotely access certain Treasury Department workstations and “certain unclassified documents controlled by those users,” the department said in the letter to Senators Sherrod Brown and Tim Scott.
“The compromised BeyondTrust service has been taken offline and there is no indication that the threat actor continues to have access to Treasury systems or information,” a Treasury spokesperson said.
The disclosure of the breach comes as the White House continues to investigate what it says is a massive cyberespionage campaign against U.S. telecommunications companies by Chinese state-sponsored hackers. On Friday, the White House said nine telecom companies were affected by the attacks, which are blamed on a group nicknamed Salt Typhoon by Microsoft Corp.
The hackers are said to have lurked within US telecom networks for months and collected information on an unknown number of US phone calls and text messages. Among the phones targeted were those of then-presidential candidate Donald Trump and his running mate JD Vance, Trump family members and members of Vice President Kamala Harris’ campaign staff and others, the New York Times reported.
The alleged Chinese spying efforts at U.S. telecom companies and the Treasury Department come after a period of relative calm in U.S.-China relations during the final stretch of President Joe Biden’s term.
That included a meeting between Biden and Chinese leader Xi Jinping last month at the APEC summit in Peru, a rare prisoner swap in late November and a renewed agreement earlier this month on science and technology cooperation.
The Salt Typhoon telecom hack came up at the meeting in Peru, where Biden “made it very clear where the US stands on that,” national security adviser Jake Sullivan said at the time. Xi told Biden at the meeting: “There is no evidence to support the irrational claim of the so-called ‘cyber attacks from China,’” the Washington embassy said on Monday.
Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said last week that the administration has planned further actions to hold Beijing accountable after pushing ahead with a ban on China Telecom in the US.
–With help from Jenny Leonard and Jake Bleiberg.
(Updates with BeyondTrust statement, in eighth paragraph.)
©2024 BloombergLP