US Treasury breached by China-backed hackers in ‘major incident’ as Americans warned to use encrypted messaging apps
Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what the Treasury Department called a “major incident.”
Treasury Department officials sounded the alarm about the breach in a letter to lawmakers Monday, describing the latest suspected Chinese hack of U.S. technology and officials.
The hackers compromised third-party cybersecurity services provider BeyondTrust and were able to gain access to unclassified documents, the letter said.
According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to provide remote technical support to Treasury Departmental Offices (DO) end users.”
“With access to the stolen key, the threat actor was able to override the security of the service, remotely access certain Treasury DO user workstations, and gain access to certain unclassified documents controlled by those users.”
The Treasury Department said it was notified of the breach by BeyondTrust on December 8 and was working with the US Cybersecurity and Infrastructure Security Agency and the FBI to assess the impact of the hack.
It says the hack is being investigated as a “major cybersecurity incident.”
“The Treasury Department takes all threats against our systems and the data they contain very seriously,” a department spokesperson said in a separate statement.
“Over the past four years, the Treasury Department has significantly strengthened its cyber defenses, and we will continue to work with private and public sector partners to protect our financial system from threat actors.”
Treasury Department officials did not immediately respond to an email seeking more details about the hack.
The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department.
A spokesperson for the Chinese embassy in Washington denied any responsibility for the hack, saying Beijing “resolutely opposes the US smear attacks against China without any factual basis.”
BeyondTrust, based in Johns Creek, Georgia, did not immediately respond to requests for comment, but on its website the company said it had recently identified a security incident involving a limited number of customers of its remote support software.
The statement said a digital key was compromised in the incident and an investigation was underway.
Tom Hegel, a threat researcher at cybersecurity firm SentinelOne, said it appears the security incident described by BeyondTrust is closely linked to the reported hack at Treasury, though he cautioned that the company itself would have to confirm any connection.
“This incident fits a well-documented pattern of operations by PRC-affiliated groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,” he said, using an acronym for the People’s Republic of China.
The revelation comes as U.S. officials continue to grapple with the fallout from a massive Chinese cyberespionage campaign known as Salt Typhoon, which gave officials in Beijing access to private texts and phone calls of an unknown number of Americans.
The cyber espionage campaign surfaced this year when hackers attacked networks of various telecom companies.
The hackers used their access to target the metadata of a large number of customers, including information about the dates, times and recipients of calls and text messages.
They also managed to recover the actual audio files of calls and the contents of text messages from a much smaller number of victims.
Despite months of investigation, the true scale of the Chinese operation, including the total number of victims and whether the hackers still have any access to information, is currently unknown.
Several recent high-profile hacking incidents have been linked to China and what officials say is Beijing’s attempt to steal technical and government secrets while gaining access to critical infrastructure such as the power grid.
In September, the FBI announced that it had disrupted a massive Chinese hacking operation that installed malicious software on more than 200,000 consumer devices, including cameras, video recorders and home and office routers.
The devices were then used to create a massive network of infected computers, or botnet, which could then be used to carry out other cybercrimes.
A new report claimed that Todd Blanche’s cell phone was hacked by Chinese cybercriminals months ago. The FBI declined to comment on the case. Blanche is the criminal lawyer for newly elected President Donald Trump.
In October, officials said hackers with ties to China targeted the phones of then-presidential candidate Donald Trump and his running mate, Sen. J.D. Vance, along with people tied to Democratic vice presidential candidate Kamala Harris.
China has rejected accusations from US officials that it is engaged in cyber espionage targeting Americans.
The country’s government “strongly opposes and combats all types of cyber attacks,” spokesman Liu Pengyu wrote in an emailed statement to The Associated Press. “The U.S. must stop its own cyberattacks against other countries and refrain from using cybersecurity to smear and defame China.”
A top White House official said Friday that the number of telecommunications companies affected by the hack has now risen to nine.