Treasury Confirms Unauthorized Access Through Third-Party Provider
In a significant development highlighting cybersecurity challenges facing U.S. government institutions, the Treasury Department has confirmed a security breach by Chinese state-sponsored actors who gained access to several department workstations through a third-party service provider.
“The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury spokesperson stated, addressing immediate concerns about ongoing system vulnerability.
Details of the breach
According to a letter sent to the Senate Banking Committee leadership and reviewed by AFP, the incident occurred in early December when hackers exploited vulnerabilities in BeyondTrust, a cybersecurity service provider contracted by the Treasury. The breach enabled remote access to Treasury workstations and certain unclassified documents.
The Treasury Department’s response was swift: it immediately engaged with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) upon notification from BeyondTrust. The department has since been collaborating with law enforcement partners to assess the full extent of the breach.
Chinese connection
In a notable revelation, the Treasury explicitly attributed the attack to China, stating in its congressional letter that “Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.” This classification refers to sophisticated cyberattacks characterized by prolonged unauthorized access and stealth.
A pattern of cyber threats
This incident adds to a growing list of alleged Chinese state-sponsored cyber operations targeting U.S. institutions:
- The Justice Department’s September operation to neutralize a worldwide cyber-attack network allegedly operated by Chinese-backed hackers, affecting 200,000 devices.
- The February dismantling of the “Volt Typhoon” hacking group, which had targeted critical infrastructure including water treatment plants and transportation systems.
- Microsoft’s 2023 disclosure of the Storm-0558 group’s breach of approximately 25 organizations and government agencies, including high-profile targets such as the State Department and Commerce Secretary Gina Raimondo’s email accounts.
Looking ahead
While the full impact of the breach remains under investigation, the Treasury has committed to releasing additional details in a forthcoming supplemental report. “Treasury takes very seriously all threats against our systems, and the data it holds,” the spokesperson emphasized, reaffirming the department’s commitment to protecting the U.S. financial system.
The Chinese government has consistently denied involvement in such activities, maintaining its position that it opposes and actively works to prevent all forms of cyberattacks.
This latest incident underscores the ongoing challenges in securing government systems against sophisticated state-sponsored cyber threats, particularly as agencies increasingly rely on third-party service providers for critical security functions.