US Treasury hacked by China in ‘major incident’

Hackers affiliated with the Chinese government infiltrated the United States Treasury Department earlier this month, gaining access to sensitive systems and stealing unclassified documents from agency workstations, according to a report.

Officials classified the breach as a “major incident”, the designation that obliges a federal agency to notify Congress, and it shows that an agency’s defenses are only as strong as those of the vendors holding standing access to its systems.

The breach was detailed in a letter sent to lawmakers and later obtained by Reuters. According to the letter, the attackers obtained a key that a vendor used to secure a cloud-based service providing remote technical support to Treasury Departmental Offices (DO) end users.

With access to the stolen key, the hackers bypassed the service’s security measures, remotely accessed certain user workstations, and retrieved unclassified documents maintained on those systems.

The New York Times reported that the breach was first detected on December 8, when software service provider BeyondTrust alerted the Treasury Department about the unauthorized activity.

The compromised service was promptly taken offline to prevent further access, and initial assessments indicate that the attackers did not gain access to additional departmental systems.

While the stolen documents were unclassified, the hack has raised significant concerns about the potential for future exploits and the broader implications of foreign cyber intrusions.

The letter to lawmakers emphasized that the Treasury Department is taking the incident seriously and has initiated a thorough investigation.

“Treasury takes very seriously all threats against our systems and the data it holds,” the department said in its statement. “Over the last four years, Treasury has significantly bolstered its cyber defenses, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”

Officials attributed the attack to a state-sponsored Chinese actor, reinforcing growing fears about the scale and sophistication of cyber campaigns orchestrated by foreign governments.

This breach is the latest in a series of high-profile cyberattacks linked to Chinese hacking groups, which are often accused of targeting critical infrastructure, government agencies, and private corporations in the United States.

The incident also underscores a structural weakness in the cloud-based services that government agencies increasingly rely on for remote operations and technical support: a remote-support product holds standing access to the endpoints enrolled in it, so a secret kept on the vendor’s side is, in effect, a credential into every customer workstation the service can reach.

By compromising that single key, the hackers did not have to defeat Treasury’s own authentication at all; they could act as the trusted support service, which already had a path to the workstations. Keys of this kind therefore need tight scoping, short lifetimes and prompt rotation, and the sessions they authorize need to be logged and monitored on the customer side, not only by the vendor.

In response to the breach, the Treasury Department has worked to secure its systems and mitigate potential risks. The compromised service has been taken offline, and additional safeguards have been implemented to prevent similar incidents in the future.

Cybersecurity experts are urging the government to adopt more advanced defense mechanisms to counter sophisticated state-sponsored attacks.

These include multi-factor authentication, real-time monitoring, and collaboration with private-sector partners to identify vulnerabilities before they can be exploited. One caveat a practitioner would add: multi-factor authentication protects interactive user logins, but a vendor’s service key is a machine credential presented with no user present, so in an incident like this one the controls that matter are scoping and rotation of the key itself and monitoring of the sessions it is used to open.
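What the customer-side monitoring recommended above could look like, as an added example that is not code from the article, from BeyondTrust or from the Treasury Department: a script that baselines how a vendor’s support key normally behaves (source networks, target hosts, hours of activity, how many hosts it touches in an hour) and flags later sessions that fall outside that baseline. It assumes the customer can export per-session records with a timestamp, key identifier, source address, target host and action; the record format, the key name `k-vendor-01`, the host names and every log line are constructed for illustration.

```python
"""Baseline-and-deviation check for sessions opened with a vendor API key.

Added example for this article, not code from the article, BeyondTrust or
Treasury. The log format, field names and sample lines are constructed.
A key a remote-support vendor uses to reach customer workstations never
passes the customer's MFA, so the customer must baseline how that key
normally behaves and alert on sessions that fall outside the baseline.
"""
import re
from collections import defaultdict, namedtuple
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed record format, one session per line; other lines are ignored.
LINE_RE = re.compile(r"^(?P<ts>\S+Z) key=(?P<key>\S+) src=(?P<src>\S+) target=(?P<target>\S+) action=(?P<action>\S+)$")
WINDOW = timedelta(hours=1)   # window for the fan-out measure
SENSITIVE = {"file_pull"}     # actions that move data off the endpoint

Session = namedtuple("Session", "ts key src target action")

@dataclass
class Baseline:
    networks: set = field(default_factory=set)  # /24s the key has come from
    targets: set = field(default_factory=set)   # hosts it has supported before
    hours: set = field(default_factory=set)     # UTC hours it has been active
    max_fanout: int = 0                         # most distinct hosts in any WINDOW

def parse(text):
    sessions = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # non-session lines (health checks, blanks) simply do not match
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            sessions.append(Session(ts, m["key"], m["src"], m["target"], m["action"]))
    return sessions

def net24(ip):
    return ip_network(f"{ip}/24", strict=False)

def by_key(sessions):
    groups = defaultdict(list)
    for s in sessions:
        groups[s.key].append(s)
    return groups

def trailing_fanout(group, s):
    """Distinct targets the same key touched in the WINDOW ending at session s."""
    return len({t.target for t in group if s.ts - WINDOW <= t.ts <= s.ts})

def build_baselines(sessions):
    baselines = {}
    for key, group in by_key(sessions).items():
        b = Baseline()
        for s in group:
            b.networks.add(net24(s.src))
            b.targets.add(s.target)
            b.hours.add(s.ts.hour)
        b.max_fanout = max(trailing_fanout(group, s) for s in group)
        baselines[key] = b
    return baselines

def flag(sessions, baselines):
    """Return {(timestamp, key, target): [reasons]} for sessions outside the baseline."""
    findings = {}
    for key, group in by_key(sessions).items():
        b = baselines.get(key)
        for s in group:
            reasons = []
            if b is None:
                reasons.append("key has no baseline")
            else:
                if net24(s.src) not in b.networks:
                    reasons.append("new source network")
                if s.ts.hour not in b.hours:
                    reasons.append("off-hours")
                if s.action in SENSITIVE and s.target not in b.targets:
                    reasons.append("file pull from never-supported host")
                fan = trailing_fanout(group, s)
                if fan > b.max_fanout:
                    reasons.append(f"fan-out {fan} > baseline {b.max_fanout}")
            if reasons:
                findings[(s.ts.isoformat(), key, s.target)] = reasons
    return findings

def analyze(baseline_text, observed_text):
    return flag(parse(observed_text), build_baselines(parse(baseline_text)))

# Constructed sample logs: routine vendor support, then a suspicious night.
BASELINE_LOG = """
2024-12-02T14:02:11Z key=k-vendor-01 src=203.0.113.10 target=WS-0101 action=screen_share
2024-12-02T14:40:05Z key=k-vendor-01 src=203.0.113.10 target=WS-0102 action=screen_share
2024-12-03T15:12:00Z service=health status=ok
2024-12-03T15:12:48Z key=k-vendor-01 src=203.0.113.22 target=WS-0103 action=file_push
"""
OBSERVED_LOG = """
2024-12-08T02:11:09Z key=k-vendor-01 src=198.51.100.7 target=WS-0101 action=screen_share
2024-12-08T02:25:41Z key=k-vendor-01 src=198.51.100.7 target=WS-0217 action=file_pull
2024-12-08T02:38:03Z key=k-vendor-01 src=198.51.100.7 target=WS-0233 action=file_pull
2024-12-08T14:10:00Z key=k-vendor-01 src=203.0.113.10 target=WS-0102 action=screen_share
"""
```

Calling `analyze(BASELINE_LOG, OBSERVED_LOG)` flags the three night-time sessions from the unfamiliar network and leaves the routine afternoon session alone; the third night session is additionally marked for pulling files from a never-supported host and for touching more workstations in an hour than the key ever had before, which is the pattern the article describes. A key with no baseline at all is reported as such rather than silently passed, since a brand-new key opening sessions is itself worth a look.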

This latest breach comes amid an escalating wave of cyberattacks targeting U.S. government agencies and private companies. State-sponsored actors from China, Russia, and other nations have increasingly focused on accessing sensitive information, disrupting critical operations, and undermining trust in U.S. institutions.

In recent years, the Treasury Department has been a frequent target of such attacks, given its central role in managing the nation’s financial systems. Despite significant investments in cybersecurity over the past four years, incidents like this highlight the persistent challenges faced by agencies attempting to stay ahead of evolving threats.