China Hacks Treasury Department in “Major Incident”


The U.S. Treasury Department has disclosed a significant security breach by Chinese hackers, who exploited a vulnerability in a third-party software provider, BeyondTrust. On December 8, 2024, hackers used a stolen key to access Treasury workstations and unclassified documents.

  • The Treasury determined that a “major incident” occurred.

What Happened: BeyondTrust informed the Treasury of the breach, which allowed hackers to bypass security and remotely access certain workstations. Immediate action was taken to disconnect the compromised service, and a multi-agency response involving CISA, FBI, and the Intelligence Community was initiated to assess the damage.

The Good News: There’s currently no evidence that the hackers have ongoing access to Treasury’s systems after the service was taken offline.

Context: This incident adds to the growing list of cybersecurity concerns, particularly from state-sponsored actors, amidst already fraught U.S.-China relations over trade, technology, and espionage.

What’s Next: The focus will now be on understanding the full impact of the breach and enhancing security protocols with third-party vendors and within the Treasury’s systems.

The Bottom Line: This breach underscores the need for relentless vigilance and robust cybersecurity measures in government to protect against sophisticated cyber threats.


Read the Treasury letter to the Chairman and ranking member of the Committee on Banking, Housing, and Urban Affairs.