Unlock the White House Watch newsletter for free
Your guide to what the 2024 US election means for Washington and the world
A Chinese state-sponsored actor hacked the US Treasury department through a third-party service provider in a “major cyber security incident”, the agency said on Monday.
In a letter to the Senate banking committee seen by the Financial Times, the Treasury department said it had been informed on December 8 by software company BeyondTrust that a hacker had breached several remote government workstations by obtaining a security key and had in turn gained access to unclassified documents on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cyber security incident.”
The department said it had been working with the FBI and other investigators in the the wider intelligence community to determine the impact of the hack. It added that “at this time there is no evidence indicating the threat actor has continued access to Treasury information”.
In a separate statement on Monday, a Treasury spokesperson said the agency “takes very seriously all threats against our systems, and the data it holds”.
“We will continue to work with both private and public sector partners to protect our financial system from threat actors,” the person added.
The Chinese embassy in Washington did not immediately respond to a request for comment.
The breach is the latest cyber security violation involving US targets allegedly carried out on behalf of China.
In October, the Biden administration said it was investigating what the FBI and the Cybersecurity and Infrastructure Security Agency said was “unauthorised access to commercial telecommunications infrastructure by actors affiliated with the People’s Republic of China”. Hackers reportedly targeted the phones of president-elect Donald Trump and his running mate JD Vance in the lead-up to the US election.
Underscoring the level of concern, the commerce department in September took steps to limit China’s access to Americans’ data by proposing a ban on Chinese software and hardware for vehicles with a built-in internet connection.