China Accused of Major Cyberattack on U.S. Treasury: Key Details Unveiled

 U.S. officials said Monday that a Chinese state-sponsored hacker had successfully gained access to employee workstations and certain unclassified data at the U.S. Treasury Department earlier this month. In a letter to legislators, the Treasury Department revealed the occurrence and described it as a "major incident." According to the department, it is evaluating the impact of the incident in collaboration with the FBI and other authorities. According to a spokesman for the Chinese Embassy in Washington, D.C., the accusations were "unfounded and baseless" and part of a "smear campaign 

US Treasury Systems Are Breached by Chinese State-Sponsored Hackers

In its letter to Congress, the Treasury Department disclosed that the China-based actor circumvented security procedures by taking use of a third-party service provider's key. Employees can receive remote technical support with this application. According to officials, BeyondTrust, the compromised third-party service, has already been shut down. No indication has been found that the hacker has accessed Treasury Department data since, the statement concluded. To ascertain the total consequences of the intrusion, the department is collaborating with outside forensic investigators and the Cybersecurity and Infrastructure Security Agency (CISA).

According to officials, the breach was likely executed by a "China-based Advanced Persistent Threat (APT) actor," according to preliminary findings. "In accordance with Treasury policy, intrusions caused by APT actors are classified as major cybersecurity incidents," said Treasury officials. According to a . 2. According to the spokesperson, the hacker gained remote access to the workstations of many Treasury users as well as some of their unclassified documents.

The type of files accessed, the length of the hack, and the date of the incident were not disclosed by the department. Additionally, they refused to disclose information regarding the seniority of the staff members whose materials were accessed or the degree of confidentiality of the computer systems. During the three days that BeyondTrust was keeping an eye on them, hackers might have been able to create accounts or alter passwords. Instead of trying to steal money, the hackers were thought to be espionage agents looking for information. However, the Treasury Department "takes all threats to our systems and the data they contain very seriously" and is still dedicated to safeguarding its data from outside threats, the official underlined.

In the letter, the agency promised to give lawmakers a follow-up report on the occurrence within 30 days. Liu Pengyu, a spokesman for the Chinese Embassy, denied the department's report in a statement, saying it can be difficult to identify the hackers' place of origin. "We hope that the relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents and base their conclusions on sufficient evidence rather than unfounded speculation and accusations," Liu added. "The U.S. should stop using cybersecurity as a tool to smear and discredit China and cease spreading all kinds of misinformation about so-called Chinese hacking threats."

This intrusion is the most recent in a string of well-publicized and humiliating cybersecurity events in the United States that have been linked to Chinese espionage hackers. It comes after another breach that affected telecom providers in December and may have compromised phone record data for a significant portion of the American population