Photo: Kmatta / Moment / Getty Images
Chinese hackers have breached several U.S. Treasury Department workstations, accessing unclassified documents. The breach, attributed to a China state-sponsored Advanced Persistent Threat (APT) actor, is being investigated as a "major cybersecurity incident."
The hackers gained access by compromising a third-party software service provider, BeyondTrust, which allowed them to override security and access employee workstations remotely. The Treasury Department learned of the breach on December 8 and has since taken the compromised service offline. There is currently no evidence that the hackers still have access to Treasury information, according to a statement from the department.
The breach comes amid ongoing concerns about Chinese cyberespionage, including a campaign known as Salt Typhoon, which targeted U.S. telecommunications firms. The Treasury Department is working with the FBI and the Cybersecurity and Infrastructure Security Agency to investigate the incident.
China has denied involvement, with Foreign Ministry spokesperson Mao Ning calling the allegations "groundless" and asserting that China opposes all forms of hacking.
The breach highlights the ongoing cybersecurity challenges faced by the U.S. government, particularly in protecting sensitive financial data. The Treasury Department plans to reveal more details in a forthcoming report to Congress.