The U.S. Treasury Department officially confirmed a significant cybersecurity breach occurring in December, attributing the intrusion to state-sponsored hackers from China. In a formal communication to senior House lawmakers, officials characterized the event as a “major cybersecurity incident” involving unauthorized remote access to government workstations and unclassified files.
The Breach: How Hackers Infiltrated Treasury Systems
The intrusion was triggered by a compromise at BeyondTrust, a third-party vendor providing identity and remote support technology to government agencies. On December 8, BeyondTrust notified the Treasury that attackers had successfully obtained a technical support key used to facilitate remote access for employees.
While BeyondTrust acknowledged the incident at the time, they did not initially disclose how the key was acquired. Company spokesperson Mike Bradshaw later confirmed that a “limited number of customers” were affected by the breach, though he did not explicitly identify the Treasury as one of the targets.
Response and Remediation Efforts
Following the discovery, the Treasury engaged the Cybersecurity and Infrastructure Security Agency (CISA) to investigate the scope of the unauthorized access. According to the department’s letter, as of December 30, there is no evidence that the threat actors maintain ongoing access to Treasury information.
Treasury spokesperson Michael Gwin stated that while the hackers accessed several user workstations and specific unclassified documents, the department has prioritized strengthening its cyber defenses over the past four years. “Treasury takes very seriously all threats against our systems, and the data it holds,” Gwin noted.
Geopolitical Context and Chinese Denial
This incident follows a pattern of high-profile cyberattacks attributed to China targeting U.S. infrastructure. In recent months, a group identified as “Salt Typhoon”—also linked to Beijing—orchestrated campaigns against major American telecommunications firms, including Verizon and AT&T, aiming to intercept communications of senior U.S. officials.
The Chinese government has rejected the latest allegations. Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, D.C., denied the attribution, claiming that the United States failed to provide credible evidence to support its accusations regarding the Treasury breach.
For more details on the correspondence regarding this incident, you can review the official letter shared with House lawmakers.