Chinese state-sponsored hackers recently infiltrated the systems of the US Treasury Department, gaining access to employee workstations and unclassified documents. This breach, described as a major incident, was disclosed by the department in a letter to lawmakers.
The Treasury Department indicated that the hackers exploited a vulnerability in a third-party service provider’s system. The compromised service, identified as BeyondTrust, provided remote technical support. Following the breach, the service was taken offline, and investigations were launched in collaboration with the FBI, the Cybersecurity and Infrastructure Security Agency, and forensic experts.
The intrusion was initially detected on 2 December, but BeyondTrust confirmed the hack three days later. The attackers reportedly had access to several user workstations and unclassified files during this period. It was noted that they might have created accounts or modified passwords while being observed by BeyondTrust. Officials emphasized that the hackers appeared to be seeking information rather than financial assets.
The Treasury Department stated that the breach aligns with its definition of a major cybersecurity incident when linked to an Advanced Persistent Threat (APT). The department pledged ongoing efforts to safeguard its systems and data, with a supplemental report to lawmakers promised within 30 days.
Chinese authorities denied any involvement, calling the allegations baseless and politically motivated. A spokesperson for China’s foreign ministry reiterated the country’s opposition to all forms of hacking, rejecting the accusations as unfounded and aimed at tarnishing China’s image.
This breach is the latest in a series of high-profile cyberattacks attributed to Chinese espionage groups, including a previous intrusion into US telecom companies in December. In both cases, the attackers sought sensitive information, heightening concerns about cybersecurity vulnerabilities in critical US infrastructure.