United States: Treasury Department Hacked by a China-Affiliated Group
On December 30, 2024, the U.S. Treasury Department announced it had been the target of a “major cybersecurity incident,” allowing hackers to access “non-classified” documents. In a letter sent to members of the House of Representatives, the administration attributed the attack “based on available evidence” to “a state-sponsored actor financially backed by China.”
The breach is believed to have stemmed from a compromise of BeyondTrust, a software provider for the Treasury Department. The attackers reportedly accessed a key used to secure a cloud-based service that is used to remotely provide “technical support” to officials. This enabled them to bypass the service’s security, gain remote access to workstations, and view “non-classified” documents.
BeyondTrust informed the Treasury Department of the breach on December 8, 2024. According to the U.S. administration, “the compromised BeyondTrust service has been taken offline,” and “there is no evidence to suggest the malicious actor still has access to Treasury information.”