In a massive cybersecurity breach, a Chinese state-sponsored actor gained unauthorized access to US Treasury workstations and unclassified documents, according to a notification sent to Congress on Monday.
The breach is attributed to an Advanced Persistent Threat (APT) actor, who used a stolen key to remotely infiltrate Treasury systems. The intrusion was first reported by a third-party software service provider on December 8, according to a letter reviewed by CNN.
Aditi Hardikar, Assistant Secretary for Management at the US Treasury, detailed in the letter that the stolen key allowed the hackers to bypass security measures, access specific workstations within the Treasury Departmental Office, and retrieve unclassified documents. The breach has been classified as a "major cybersecurity incident," highlighting its severity.
The compromised service, operated by third-party vendor BeyondTrust, has since been taken offline. According to a Treasury spokesperson, the breach has been contained, and there is "no evidence indicating the threat actor has continued access to Treasury systems or information."
To mitigate the damage and analyze the breach, Treasury officials are working closely with the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, US intelligence agencies, and third-party forensic experts. Immediate actions were taken to secure systems, and further investigations are underway to fully understand the incident's scope.
A classified briefing with the House Financial Services Committee is expected next week, though the exact date is yet to be confirmed, a senior committee staffer told CNN.
BeyondTrust, the vendor involved, stated that hackers exploited a stolen key used to secure a cloud-based technical support service. The breach allowed the attackers to override security measures and access sensitive yet unclassified information.
Hardikar stressed the seriousness of the attack in her letter, adding that CISA was engaged promptly upon discovery, with other agencies informed as the scope became clearer. The full extent of the breach and its impact remain under investigation.