The U.S. Treasury Department said a state-sponsored Chinese hacking operation was able to use third-party software to tap into desktop computers of Treasury employees in what the department is calling “a major incident.”
In a letter seen by NBC News, Aditi Hardikar, assistant secretary for management of the U.S. Department of the Treasury, wrote that the office was notified on Dec. 8 of the breach. The letter is addressed to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member, respectively, of the Committee on Banking, Housing and Urban Affairs.
The information accessed by the “threat actor” included unclassified documents, according to the letter.
Hardikar wrote that the U.S. Treasury was told by “a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”
With this access, the “threat actor” was able to override certain security measures and access the department’s user workstations.
The U.S. Treasury has been working with the Cybersecurity and Infrastructure Security Agency, the FBI and other members of the intelligence community, as well as “third-party forensic investigators to fully characterize the incident and determine its overall impact,” the letter reads.
In a statement to NBC News, a Treasury spokesperson cited the contents of the letter, saying that “the compromised BeyondTrust service has been taken offline” and that there is “no evidence indicating the threat actor has continued access to Treasury systems or information.”
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” the statement reads in part.
Fellow agencies helped the U.S. Treasury deduce that the breach came from Chinese hackers, according to the letter.
The letter states that a supplemental report will be made available in 30 days.