US Treasury Department Breach, Hackers Accessed Workstations

The Biden administration confirmed that a Chinese state-sponsored hacking group breached the U.S. Treasury Department, gaining unauthorized access to employee workstations and unclassified documents.

This revelation follows a string of sophisticated surveillance operations targeting key American institutions.

The intrusion, attributed to a Chinese Advanced Persistent Threat (APT) actor, was identified on Dec. 8 by third-party software provider BeyondTrust, which flagged that hackers had exploited a security key to infiltrate Treasury systems.

Treasury officials reported that their investigation, conducted with the FBI and the intelligence community, classified the breach as a “major cybersecurity incident,” though they emphasized no current evidence indicates the hackers still have access.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

BeyondTrust Security Flaws Exploited

The breach exploited vulnerabilities in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products.

The cybersecurity firm has since disclosed critical flaws (CVE-2024-12356 and CVE-2024-12686) that allowed unauthorized system command execution. The compromised service has been taken offline, and Treasury officials assured that security measures are being bolstered to prevent future attacks.

While the exact objectives of the breach remain unclear, senior U.S. officials suggested it was likely an espionage operation rather than an attempt to disrupt critical infrastructure.

The Treasury Department is a prime target for foreign intelligence, given its oversight of global financial systems and its role in implementing sanctions—many of which impact Chinese firms aiding Russia in its war against Ukraine.

The hackers’ access to Treasury workstations could provide insights into U.S. financial strategies and China’s faltering economy.

This incident follows earlier reports of Chinese cyber intrusions into the email accounts of key U.S. officials, including Commerce Secretary Gina Raimondo, amid deliberations on semiconductor export controls.

The attack on the Treasury Department is part of a broader pattern of Chinese cyber activity. Earlier this year, a Chinese hacking group known as Salt Typhoon infiltrated nine U.S. telecommunications firms, accessing sensitive phone conversations and text messages.

Alarmingly, the hackers obtained information about Justice Department wiretaps, potentially giving the Chinese government insight into American counterintelligence operations.

Beijing has denied the allegations, with Chinese Foreign Ministry spokeswoman Mao Ning dismissing them as “groundless” and accusing the U.S. of spreading misinformation for political purposes.

The Treasury Department has pledged to present a detailed report to Congress in the coming weeks, as federal agencies and private-sector partners work together to strengthen cybersecurity.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free