
The US Treasury Department has alerted lawmakers to a cybersecurity breach involving a Chinese state-sponsored actor, in what officials describe as a “major incident.”
According to a letter obtained by CNN on Monday, the Treasury learned on December 8 from a third-party software provider that a stolen key had been used to remotely access certain Treasury workstations and unclassified documents.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” wrote Aditi Hardikar, assistant secretary for management at the US Treasury, in the letter.
A Treasury spokesperson confirmed to CNN that the compromised service has been taken offline, and officials are actively collaborating with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA).
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” the spokesperson said.
The letter to Senate Banking Committee leadership revealed that the breach stemmed from BeyondTrust, a third-party software provider. Hackers reportedly accessed a key used by BeyondTrust to secure a cloud-based service employed by Treasury for technical support.
BeyondTrust has yet to respond to requests for comment.
The exact number of affected workstations remains unclear, though the Treasury spokesperson noted that “several” user workstations were accessed.
The full extent of the breach’s impact is still under investigation.