Chinese hackers accessed US Treasury Department in ‘major cybersecurity incident’, agency says

30 December 2024, 22:18 | Updated: 30 December 2024, 22:29

Chinese hackers remotely accessed several US Treasury Department workstations and unclassified documents, the agency has said.

The state-sponsored hackers gained access to the computers and documents by compromising a third-party software service provider, according to a letter sent by the Treasury to Congress.

The Treasury Department said in a letter to politicians revealing the breach that "at this time there is no evidence indicating the threat actor has continued access to Treasury information".

It did not provide details on how many workstations had been accessed or what sort of documents the hackers may have obtained.

It said the hack was being investigated as a "major cybersecurity incident".

"Treasury takes very seriously all threats against our systems, and the data it holds," the department said.

Read more: China accused of hacking personal details of every single member of the armed forces but Beijing dismisses ‘smear’

Read more: Foreign Office interpreter embroiled in accusation of running Chinese 'propaganda' website from Britain

"Over the last four years, Treasury has significantly bolstered its cyber defence, and we will continue to work with both private and public sector partners to protect our financial system from threat actors."

The department said it learned of the problem on December 8 when a third-party software service provider, BeyondTrust, flagged that hackers had stolen a key used by the vendor that helped it override the system and gain remote access to several employee workstations.

The compromised service has since been taken offline, and there is no evidence that the hackers still have access to department information, Aditi Hardikar, an assistant Treasury secretary, said in the letter to leaders of the Senate Banking Committee on Monday.

The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency, and that the hack had been attributed to Chinese culprits. It did not elaborate.

The news came as US officials continue to grapple with the fallout of a massive Chinese cyberespionage campaign known as Salt Typhoon that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.

Earlier this year, China was accused of hacking the names and bank details of Britain’s entire armed forces.

As many as 270,000 people including regular troops, reservists and some veterans were understood to have been affected by the hack in May.

Defence Secretary Grant Shapps has ordered an independent external investigation after names, addresses, service ID numbers and bank details were put at risk.

Staff were today told to keep a close eye on their social media, emails, and speak to their bank if they were worried, according to a memo seen by LBC.

The Ministry of Defence appeared to blame the bank holiday for failing to tell those affected internally first, telling staff they were “in the process of informing you following the bank holiday weekend”.

Beijing has dismissed the claims as a "smear."

At the time, China's foreign ministry said it "firmly opposes and fights all forms of cyber attacks" and "rejects the use of this issue politically to smear other countries."

A spokesman for the Chinese embassy in the UK said: "The so-called cyber attacks by China against the UK are completely fabricated and malicious slanders."

A top White House official said on Friday that the number of telecommunications companies affected by the hack has now risen to nine.