Chinese state-sponsored hackers breached the US treasury department earlier this month, accessing several employee workstations and unclassified documents, according to an agency spokesperson.
The breach was orchestrated via a third-party cybersecurity service provider, BeyondTrust. Hackers were able to gain access to a key used by the vendor to override certain parts of the system, according to a letter the treasury department sent to lawmakers on Monday that was reviewed by the Guardian.
“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to treasury systems or information,” the treasury department spokesperson said.
The hack comes amid reports that Chinese state-sponsored actors also breached three of the largest US telecommunications companies earlier this month. During that breach, called Salt Typhoon, cybercriminals were able to gain access to lawmakers’ phone calls and text messages. Lawmakers across the political spectrum condemned the hack.
After the alert from BeyondTrust, the treasury department contacted the Cybersecurity and Infrastructure Security Agency (Cisa), the Federal Bureau of Investigation and third-party forensic investigators to determine the impact of the incident. The treasury department said more details will be made available in a 30-day supplemental report.
“Treasury takes very seriously all threats against our systems and the data it holds,” the spokesperson said. “Over the last four years, treasury has significantly bolstered its cyber defense and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
BeyondTrust said on its website that it had recently identified a security incident that involved a limited number of customers of its remote support software. The statement said a digital key had been compromised in the incident and that an investigation was under way.