United States Treasury Department says Chinese state-sponsored hackers breached its computer security guardrails in December 2024 and stole documents in what the Treasury called a “major incident”.
The Treasury officials disclosed this in a letter to lawmakers on Monday, December 30, 2024.
The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.
According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.
The Treasury Department said it was alerted to the breach by BeyondTrust on December 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack’s impact.
Treasury officials didn’t immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters‘ requests for comment, while CISA referred questions back to the Treasury Department.
U.S., Microsoft seize over 100 websites linked to Russian hackers
“China has always opposed all forms of hacker attacks,” Mao Ning, a spokesperson for China’s foreign ministry, told a regular news conference on Tuesday, December 31.
A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”
A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told Reuters in an email that the company “previously identified and took measures to address a security incident in early December 2024” involving its remote support product.
BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was notified, the spokesperson said. “BeyondTrust has been supporting the investigative efforts”.
The spokesperson referred to a statement posted on the company’s website on December 8 sharing some details from the investigation, including that a digital key had been compromised in the incident and that an investigation was underway. That statement was last updated on December 18.
Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said the reported security incident “fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,” he said, using an acronym for the People’s Republic of China.”
Borno State Governor, Babagana Umara Zulum, has revealed that he saw his children only three…
Mexican President Claudia Sheinbaum said on Monday she could guarantee a peaceful World Cup opening…
Award-winning Somali referee Omar Artan has been denied entry to the United States for the…
Survivors rescued from a mass abduction in Ngoshe, Gwoza Local Government Area of Borno State,…
Nigerians spent more than N50 billion on United States visa applications between 2023 and 2024…
Nigeria's expenditure on petrol imports fell sharply in the first quarter of 2026, dropping by…
This website uses cookies.