A cybersecurity breach involving the U.S. Treasury Department has escalated concerns over cyber-espionage activities allegedly sponsored by China.
The attack, described by officials as a “major cybersecurity event,” exposed vulnerabilities in a third-party software provider used by the federal agency, raising alarms about the broader implications for U.S. infrastructure.
The breach comes against the backdrop of heightened tensions between Washington and Beijing over allegations of state-sponsored cyberattacks targeting critical American systems.
On Dec. 8, the U.S. Treasury Department disclosed that a hacking group, reportedly linked to the Chinese government, gained unauthorized access through BeyondTrust Inc., a third-party provider of cloud-based services.
Attackers reportedly obtained a security key, enabling them to exploit a remote technical support system used by Treasury Department employees.
BeyondTrust, which holds federal contracts worth over $4 million, confirmed the breach, noting that it had affected a limited number of its clients, all of whom have since been notified.
Federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the broader intelligence community, are actively investigating the incident.
However, concerns are mounting because BeyondTrust provides services to multiple federal departments, including Defense, Justice, and Veterans Affairs.
The Treasury hack aligns with a broader cyber-espionage campaign allegedly orchestrated by Chinese state actors.
Dubbed “Salt Typhoon” by Microsoft, this campaign has already compromised at least nine U.S. telecommunications companies.
The hackers reportedly harvested sensitive information, including call and message data, from both private citizens and prominent political figures.
The White House has expressed grave concerns, with President Biden raising the issue directly with Chinese President Xi Jinping during the APEC summit in November.
The administration is reportedly weighing additional measures to counteract these cyber threats, including a potential ban on China Telecom operations within the U.S.
China has vehemently denied involvement in the Treasury breach or the broader cyber-espionage campaign.
The Chinese embassy in Washington dismissed the allegations as unfounded, accusing the U.S. of engaging in “smear campaigns” and disseminating “misinformation about Chinese hacking activities.”
“The U.S. must stop leveraging cybersecurity to defame China,” the embassy said in a statement.
Similarly, in response to previous accusations in November, Chinese Foreign Ministry spokesperson Lin Jian reiterated Beijing’s position, stating, “China has no interest in interfering in other countries’ domestic affairs via cyberspace.”
The U.S. Treasury and BeyondTrust did not immediately respond to a request for comment.