Treasury Department Says Systems Hacked by China-Backed Actor -- Update
By Connor Hart and Dustin Volz
The Treasury Department told lawmakers Monday that a state-sponsored actor in China hacked its systems, accessing several user workstations and certain unclassified documents.
The treasury was informed on Dec. 8 by a third-party software service provider, BeyondTrust, that a threat actor used a stolen key to remotely access certain workstations and unclassified documents, according to a letter reviewed by The Wall Street Journal.
Once alerted, the department said it immediately contacted the Cybersecurity and Infrastructure Security Agency and has since worked with law enforcement partners across the government to assess the incident.
"The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information," a spokesperson said.
In response, the Chinese embassy in Washington, D.C., denied the Treasury Department's allegations, and said that its government opposes what it described as U.S. smear tactics without any factual basis.
China has for years been blamed by the U.S. and its allies for hacking into a vast range of government computer networks to further its espionage goals. Last year, Chinese state-sponsored hackers were accused of breaching email accounts belonging to Commerce Secretary Gina Raimondo and senior State Department officials, including the U.S. ambassador to China, in a wide-reaching attack that also compromised more than two dozen organizations globally.
More recently, U.S. officials have been alarmed by a series of deep intrusions at major U.S. telecom companies that they said were also carried about by Chinese hackers. In those attacks, the hackers were able to secretly listen into some calls that involved select high-profile political figures, including President-elect Donald Trump, as well as senior national security officials, according to people familiar with the matter.
The Treasury Department has long been seen as a lucrative target for state-backed hackers due to its work involving international financial issues, including sanctions. In 2020, Russian hackers compromised dozens of department email accounts and breached the office that houses its top officials, as part of a broad campaign that compromised several critical federal government agencies.
Write to Connor Hart at connor.hart@wsj.com and Dustin Volz at dustin.volz@wsj.com
(END) Dow Jones Newswires
December 30, 2024 18:39 ET (23:39 GMT)
Copyright © 2024 Dow Jones & Company, Inc.
