Dec. 30 (UPI) — The Biden administration revealed Monday that China-backed hackers infiltrated the U.S. Treasury Department earlier this month in what officials are calling a “major cybersecurity incident.”
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat actor,” Aditi Hardikar, assistant secretary for management at the U.S. Treasury, wrote in a letter informing lawmakers of the episode.
“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” the letter said.
The Treasury Department said it was notified on Dec. 8 by BeyondTrust, a third-party software service company, that hackers had gained remote access to government employee workstations as well as unclassified documents.
BeyondTrust said the security incident occurred on Dec. 2.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury user workstations and access certain unclassified documents maintained by those users,” the Treasury wrote in Monday’s letter to Senate Banking Committee leadership.
According to Hardikar, Treasury officials — who have been working with the FBI, U.S. intelligence and CISA — are required to provide an update in a 30-day supplemental report to “fully characterize the incident and determine its overall impact.”
“CISA was engaged immediately upon Treasury’s knowledge of the attack, and the remaining governing bodies were contacted as soon as the scope of the attack became evident,” the letter said.
The FBI has been investigating the recent Salt Typhoon attacks by Chinese hackers, who infiltrated a ninth telecommunications firm two days ago. That hack provided access to information on millions of people, according to U.S. cybersecurity officials. Among the high-profile victims were President-elect Donald Trump, Vice President-elect JD Vance and several Biden administration officials.
The Treasury Department oversees data about global financial systems, including China’s. The department has been involved in implementing sanctions against Chinese firms, including those helping in Russia’s war against Ukraine.
On Monday, the Treasury did not reveal any information on what the hackers may have been seeking within the department.