Cybercriminals infiltrated workstations and stole "non-classified" documents.

On December 30, 2024, the U.S. Treasury Department announced it had been the target of a “major cybersecurity incident,” allowing hackers to access “non-classified” documents. In a letter sent to members of the House of Representatives, the administration attributed the attack “based on available evidence” to “a state-sponsored actor financially backed by China.”

The breach is believed to have stemmed from a compromise of BeyondTrust, a software provider for the Treasury Department. The attackers reportedly accessed a key used to secure a cloud-based service and remotely provide “technical support” to officials. This enabled them to bypass the service’s security, gain remote access to workstations, and view “non-classified” documents.

BeyondTrust informed the Treasury Department of the breach on December 8, 2024. According to the U.S. administration, “the compromised BeyondTrust service has been taken offline,” and “there is no evidence to suggest the malicious actor still has access to Treasury information.”

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.