A Chinese state-sponsored hacker broke into U.S. Treasury Department systems, accessing employee workstations and some unclassified documents, officials said Monday.
The breach occurred in early December and was made public in a letter written by the Treasury Department to lawmakers informing them of the incident.
In the letter, the Treasury Department said the China-based actor was able to bypass security via a key used by a third-party service provider that offers remote technical assistance to its employees.
The U.S. agency called the breach a “major incident” and said it was working with the FBI and other agencies to investigate its impact.
The compromised third-party service – called BeyondTrust – has since been taken offline, officials said. They added that there is no evidence to suggest that the hacker has continued to access Treasury Department information since.
In conjunction with the FBI, the department worked with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the overall impact of the breach.
Based on the evidence gathered so far, officials said the hack appears to have been carried out by “a China-based advanced persistent threat (APT) actor.”
“Under Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” Treasury Department officials wrote in their letter to lawmakers.