The US Treasury Department says a post-mortem of a recent data breach shows state-sponsored Chinese hackers are behind the attack.
In a letter to the Senate Banking Committee, Assistant Secretary for Management Aditi Hardikar says the Treasury Department suffered a “major cybersecurity incident” after receiving a notice from third-party software service provider BeyondTrust on December 8th.
According to Hardikar, hackers funded by the state of China had access to a key used by BeyondTrust to provide remote technical support for Treasury Department employees. Hardikar says the thieves used the stolen key to remotely infiltrate employees’ workstations and access unclassified documents maintained by those employees.
The Treasury Department says it abruptly sought the assistance of the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Intelligence Community and outside experts to investigate the origin and overall impact of the attack.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor… In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
An APT is an exploit executed by state-sponsored hackers with the goal of stealing sensitive information, carrying out cyber espionage or sabotaging critical infrastructure.
According to Hardikar, the exploited BeyondTrust service has been shuttered and there’s nothing to suggest that the hackers still have access to the Treasury Department’s records.
Meanwhile, Chinese Ministry of Foreign Affairs spokesperson Mao Ning says China had nothing to do with the data breach, reports CNN.
“We have repeatedly stated our position on such groundless accusations lacking evidence. China has always opposed all forms of cyberattacks, and we are even more opposed to spreading false information about China for political purposes.”
The Treasury Department is expected to hold a classified briefing about the cybersecurity incident in the coming days with staff members of the House Financial Services Committee.