US Treasury says it was hacked by China in ‘major incident’
Getty ImagesA Chinese state-sponsored hacker has broken into the US Treasury Department’s systems, accessing employee workstations and some unclassified documents, American officials said on Monday.
The breach occurred in early December and was made community in a note penned by the Treasury Department to lawmakers notifying them of the incident.
The US agency characterised the breach as a “major incident”, and said it had been working with the FBI and other agencies to investigate the impact.
A spokesman for the Chinese embassy in Washington DC told BBC information that the accusation is part of a “smear attack” and was made “without any factual basis”.
The Treasury Department said in its note to lawmakers that the China-based actor was able to override safety via a key used by a third-event service provider that offers remote technical back to its employees.
The compromised third-event service – called BeyondTrust – has since been taken offline, officials said. They added that there is no evidence to recommend the hacker has continued to access Treasury Department information since.
Along with the FBI, the department has been working with the Cybersecurity and Infrastructure safety Agency and third-event forensic investigators to determine the breach’s overall impact.
Based on evidence it has gathered so far, officials said the hack appears to have been carried out by “a China-based Advanced Persistent Threat (APT) actor”.
“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” Treasury Department officials wrote in their note to lawmakers.
- Millions of Americans caught up in Chinese hacking plot – US
- China hits out at US and UK over cyber hack claims
The department was made aware of the hack on 8 December by BeyondTrust, a spokesperson told the BBC. According to the corporation, the suspicious activity was first spotted on 2 December, but it took three days for the corporation to determine that it had been hacked.
The spokesperson added that the hacker was able to remotely access several Treasury user workstations and sure unclassified documents that were kept by those users.
The department did not specific the nature of these files, or when and for how long the hack took place. They also did not specific the level of confidentiality of the computer systems. For instance, access to 100 low-level workers would likely be less valuable then access to only 10 computers at a higher echelon within the department.
The hackers may have been able to make accounts or transformation passwords in the three days that they were being watched by BeyondTrust.
As espionage agents, the hackers are believed to have been seeking information, rather than attempting to steal funds.
The spokesperson said the Treasury Department “takes very seriously all threats against our systems, and the data it holds”, and that it will continue to work on protecting its data from outside threats.
The department note states that a supplemental update on the incident will be provided to lawmakers in 30 days.
Chinese embassy spokesman Liu Pengyu denied the department’s update, saying in a statement that it can be challenging to trace the origin of hackers.
“We aspiration that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded investing and accusations,” he said.
“The US needs to stop using cyber safety to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”
This is the latest high-profile and embarrassing US breach blamed on Chinese espionage hackers.
It follows another hack of telecoms companies in December that potentially breached phone record data across large swathes of American population.
