“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” the letter said.

The Treasury Department said it was notified on Dec. 8 by BeyondTrust, a third-party software service company, that hackers had gained remote access to government employee workstations as well as unclassified documents.

BeyondTrust said the security incident occurred on Dec. 2.

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury user workstations and access certain unclassified documents maintained by those users,” the Treasury wrote in Monday’s letter to Senate Banking Committee leadership.

According to Hardikar, Treasury officials — who have been working with the FBI, U.S. intelligence and CISA — are required to provide an update in a 30-day supplemental report to “fully characterize the incident and determine its overall impact.”

“CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” the letter said.

The FBI has been investigating recent Salt Typhoon attacks, by Chinese hackers, who infiltrated a ninth telecommunications firm two days ago. That hack provided access to information on millions of people, according to U.S. cybersecurity officials. Among the high-profile victims were President-elect Donald Trump, Vice President-elect JD Vance and several Biden administration officials.

The Treasury Department oversees data about global financial systems, including China’s. The department has been involved in implementing sanctions against Chinese firms, including those helping in Russia’s war against Ukraine.

On Monday, the Treasury did not reveal any information on what the hackers may have been seeking within the department.