JUST IN: China Hacks U.S. Treasury Department in Major Cyberattack

The Biden administration revealed on Monday, December 30, that a Chinese state-sponsored hacking group infiltrated the U.S. Treasury Department in a significant cybersecurity breach.

The breach, which is part of an ongoing series of high-level cyberattacks on U.S. institutions, allowed hackers to gain access to government employees’ workstations and unclassified documents.

The attack was initially detected on December 8 by BeyondTrust, a third-party software service provider.

According to a letter sent to lawmakers, the hackers managed to obtain a security key that gave them remote access to specific Treasury workstations.

The Treasury Department has attributed the attack to a Chinese state-sponsored group known as an Advanced Persistent Threat (APT) actor, calling it a “major cybersecurity incident.”

Though the full scope of the attack remains unclear, senior U.S. officials suspect that the hackers’ primary objective was espionage rather than disrupting critical infrastructure.

The Treasury Department oversees sensitive information related to global financial systems, sanctions, and economic data, including insights into China’s own financial and economic challenges—areas of significant interest to Beijing.

This breach comes on the heels of similar incidents, such as the hacking of email accounts belonging to U.S. Commerce Secretary Gina Raimondo and other officials involved in decisions on export controls for advanced technologies.

The hacking group, identified as Salt Typhoon, has also targeted U.S. telecommunications companies, compromising phone conversations, text messages, and even surveillance data gathered by the Justice Department.

The breach also raises concerns about Beijing’s potential to uncover which Chinese nationals are under investigation by U.S. intelligence. Many of the communications were intercepted through unencrypted lines used by senior U.S. officials, escalating counterintelligence risks.

The Treasury Department has since collaborated with the FBI and other intelligence agencies to assess the breach.

The compromised service has been taken offline, and officials believe the hackers no longer have access to Treasury systems. In the meantime, the Treasury has pledged to continue its efforts to protect its systems, emphasizing its ongoing collaboration with both public and private sectors to enhance cybersecurity.

Given the sensitive timing of this breach, which follows the Salt Typhoon attack on U.S. telecommunications infrastructure, the U.S. government is under pressure to address the growing cybersecurity risks posed by China.

In response to a previous cyberattack, the U.S. Commerce Department had announced a ban on China Telecom’s remaining operations in the U.S.

Despite these incidents, Chinese officials have consistently denied involvement in cyberattacks, although they have engaged in talks with U.S. representatives on cybersecurity cooperation.

The complexity of U.S.-China relations continues to unfold, especially in the digital age.

The Treasury Department has promised to provide additional details about the breach in a report to Congress in the coming weeks.