Chinese state-sponsored hackers breached U.S. Treasury Department systems this month, exploiting vulnerabilities in a third-party cybersecurity provider, BeyondTrust. According to a Treasury letter to lawmakers, the attackers accessed unclassified documents by compromising a digital key used to secure BeyondTrust’s cloud-based remote support service. This allowed the hackers to override security measures and remotely access certain Treasury user workstations.
The Treasury Department, alerted by BeyondTrust on December 8, is collaborating with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the incident’s impact.
BeyondTrust, headquartered in Georgia, acknowledged the breach, stating it had addressed the issue and notified affected clients and law enforcement. Its investigation, initiated after identifying the compromised key, is ongoing.
Tom Hegel, a cybersecurity researcher at SentinelOne, noted the breach aligns with a pattern of operations by Chinese groups that exploit trusted third-party services, a growing trend in recent years.
A Chinese Embassy spokesperson in Washington denied the allegations, criticizing the U.S. for making baseless accusations.
While BeyondTrust and the Treasury Department provided limited details, the breach underscores the risks that third-party service providers pose to the security of critical infrastructure.