A state-sponsored actor in China hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents, the Biden administration said on Monday.
The announcement comes after revelations in recent months that China had penetrated deep into U.S. telecommunications systems, gaining access to the phone conversations and text messages of U.S. officials and others.
In a letter informing lawmakers of the episode, the Treasury Department said that it had been notified on Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
The Treasury Department said it had worked with the F.B.I., the intelligence community and other investigators to determine the impact of the breach. The compromised service had been taken offline, and there is no evidence that the Chinese state actor still has access to Treasury information, the department said.
In a statement, a Treasury spokesman said that the department took threats against its systems and the data they hold very seriously, and that it would continue to work with the private sector and government agencies to protect the financial system from hacking.
The Treasury Department did not clarify when the episode took place but said it would reveal more details in a forthcoming report to Congress.
Chinese officials have long denied any government role in hacking, and have set up dialogues with the United States to work together on cybersecurity. Earlier this month, officials from the Treasury Department traveled to China for a round of meetings of their economic and financial working groups, which cover collaboration on cybersecurity issues.
Recent reports of a separate breach of U.S. telecommunications systems by a Chinese hacking group nicknamed Salt Typhoon have raised concerns about the vulnerability of U.S. systems.
Microsoft’s cybersecurity team discovered that hack this summer. It targeted the networks of AT&T, Verizon and Lumen, and gave Salt Typhoon, a group that is thought to be closely linked to China’s Ministry of State Security, access to conversations held by Donald J. Trump and JD Vance, among other Americans.
The Salt Typhoon hackers also obtained a nearly complete list of phone numbers the Justice Department has wiretapped to monitor people suspected of crimes or espionage, giving the Chinese government insight into which Chinese spies the United States has identified.
In response to that hack, the Commerce Department said earlier this month that it would ban the few remaining operations of China Telecom, one of the country’s biggest communications firms, from the United States.
The post China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says appeared first on New York Times.