The U.S. Treasury Department disclosed a significant cybersecurity breach by a Chinese state-sponsored threat actor, which compromised government employee workstations and accessed unclassified documentation, according to a statement from the Biden administration on Monday.
This incident follows earlier disclosures of Chinese infiltration into U.S. telecommunications infrastructure, which exposed official communications including phone calls and text messages of U.S. government personnel.
The breach was initially detected on December 8 when BeyondTrust, a third-party software provider, identified that the threat actor had acquired a security credential enabling unauthorized remote access to specific Treasury workstations and their contents, as detailed in official congressional correspondence.
Following comprehensive investigation efforts coordinated between the Treasury Department, FBI, and intelligence community partners, the department confirmed the compromised service has been deactivated. Current evidence indicates the Chinese state actor no longer maintains access to Treasury systems.
A Treasury spokesperson emphasized the department’s stringent approach to systems and data security threats, indicating ongoing collaboration with both private sector entities and government agencies to strengthen financial system cybersecurity measures.
While the precise timing of the incident remains undisclosed, the Treasury Department has committed to providing additional details in an upcoming congressional report.
This breach emerges amid heightened concerns over U.S. system vulnerabilities, particularly following reports of another Chinese hacking operation, designated as Salt Typhoon, which targeted telecommunications infrastructure.
Microsoft’s cybersecurity researchers identified this separate campaign, which reportedly intercepted communications involving several prominent Americans, including Donald J. Trump and JD Vance.