The US Treasury says Chinese hackers remotely accessed workstations and documents in what they labelled a ‘major cyber incident’.
The US Treasury says Chinese hackers were able to steal documents in a major cyber attack in the early hours of Tuesday.
The US executive agency, responsible for promoting economic prosperity and ensuring Washington’s financial security says the hackers were able to retrieve several unclassified documents after compromising a third-party software service provider.
The department did not provide details on how many workstations were breached or the nature and sensitivity of the documents stolen. In a letter sent to US lawmakers, the Department of the Treasury said “at this time there is no evidence indicating the threat actor has continued access to Treasury information”.
“Treasury takes very seriously all threats against our systems, and the data it holds”, said a spokesperson in a separate statement, adding that an investigation into the incident was launched to identify the nature of the breach and losses incurred.
The revelation comes as US officials continue to grapple with the fallout of a massive Chinese cyberespionage campaign, known as Salt Typhoon, which gave officials in Beijing access to private texts and phone conversation of an unknown number of Americans. At least nine telecommunications companies in the United States have been affected by the hack, according to a top White House official.
US officials first learnt of the Salt Typhoon breach on 8 December, when a third-party software provider, BeyondTrust, flagged the incident to them. BeyondTrust said hackers stole a key used by the vendor to “secure a cloud-based service used to remotely provide technical support to workers”. That key allowed the hackers to override the system, gaining remote access to several employees’ workstations.
The US Treasury says the service responsible for the breach has since been taken offline, and say there is no evidence indicating the hackers’ continued access to the department’s systems or information.
The department says it’s working with the Federal Bureau of Investigation, or FBI, and the Cybersecurity and Infrastructure Security Agency, or CISA, and other private sector partners to investigate the impact of the hack, carried out by who they say were Chinese state-sponsored culprits.