The Biden administration has disclosed a significant cybersecurity breach involving the U.S. Treasury Department, which was infiltrated by a hacking group reportedly sponsored by the Chinese government.
The hackers gained unauthorized access to employee workstations and unclassified documents, marking the latest in a series of advanced surveillance campaigns targeting critical U.S. institutions.
The breach, discovered on December 8 by BeyondTrust, a third-party cybersecurity service provider, was detailed in a letter sent by the Treasury Department to lawmakers. According to the letter, the attackers obtained a security key that enabled remote access to certain Treasury workstations. The department classified the intrusion as a “major cybersecurity incident” and attributed it to a China state-sponsored Advanced Persistent Threat (APT) actor.
While the hackers’ specific objectives remain unclear, senior officials believe the operation was primarily espionage-focused rather than an attempt to disrupt critical infrastructure. The Treasury Department handles sensitive global financial data, sanctions, and insights into China’s economic challenges, making it an attractive target for foreign intelligence.
This incident is part of a broader pattern of cyber intrusions attributed to Chinese state actors. Earlier this year, Chinese intelligence operatives accessed the email accounts of Commerce Secretary Gina Raimondo and other U.S. officials involved in technology export controls. The hacking group, identified as Salt Typhoon, has also infiltrated U.S. telecommunications firms, compromising phone conversations, text messages, and phone numbers under Justice Department surveillance.
Alarmingly, the breached communication lines included unencrypted channels used by high-ranking U.S. officials, raising concerns about China’s ability to identify its spies under investigation.
The Treasury Department has since collaborated with the FBI, intelligence agencies, and other partners to investigate the breach. Officials confirmed that the compromised systems have been taken offline and stated that they believe the hackers no longer have access to Treasury networks.
A Treasury spokesperson, in a public statement, reaffirmed the department’s commitment to strengthening its cybersecurity defenses. “We are actively working with public and private sector partners to safeguard our systems and data,” the spokesperson said.
The disclosure of the Treasury breach comes at a pivotal moment, as the U.S. recently addressed another major cyberattack linked to Salt Typhoon. That incident targeted telecommunications infrastructure and led the Commerce Department to announce a ban on the remaining U.S. operations of China Telecom.
Chinese authorities have consistently denied involvement in cyberattacks but have engaged in cybersecurity dialogues with the United States. Treasury officials visited China earlier this month to discuss economic and cybersecurity issues, reflecting the complex and multifaceted nature of U.S.-China relations in the digital era.
The Treasury Department has pledged to release additional details about the breach in an upcoming report to Congress. This incident underscores the persistent and evolving challenge of defending critical U.S. systems against sophisticated state-sponsored cyber threats.