A Chinese state-sponsored hacker breached U.S. Treasury Department systems, gaining access to employee workstations and some unclassified documents, officials said Monday.
The breach occurred in early December and was announced in a letter drafted by the Treasury Department to lawmakers informing them of the incident.
The China-based actor was able to bypass security via a key used by a third-party service provider that offers remote technical support to Treasury employees, the Treasury Department said in the letter.
The U.S. agency described the hack as a “major incident” and said it was working with the FBI and other agencies to investigate the impact.
The compromised third-party service — called BeyondTrust — has since been taken offline, officials said. They added that there is no evidence to suggest that the hacker has continued to access Treasury information since then.
Along with the FBI, the Department is working with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact of the breach.
Based on the evidence collected so far, officials said the hack appeared to have been carried out by “an advanced persistent threat (APT) actor based in China.”
“According to Treasury policy, hacks attributed to advanced persistent threats are considered a major cybersecurity incident,” Treasury officials wrote in their letter to lawmakers.