© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

US Treasury targeted by state-sponsored hackers from China


The United States Department of the Treasury was recently notified by a third-party software service provider that a security incident had occurred.

On December 8, 2024, the Treasury Department was informed that a China state-sponsored Advanced Persistent Threat (APT) group had gained access to a key used by BeyondTrust to secure a cloud-based service used to remotely provide technical support for Treasury end users.

Because the hackers had access to the key, they were able to override the service’s security, remotely access Treasury end user workstations, and view unclassified documents.

According to a letter addressed to US House lawmakers, Treasury has been working with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Intelligence Community and third-party investigators to investigate the overall impact and scope of the incident.

“The compromised BeyondTrust service has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information,” Assistant Secretary for Management at the Department of the Treasury Aditi Hardikar states.

BeyondTrust disclosed the incident at the time. The software service provider, however, couldn't say how the key was obtained. A spokesperson did tell TechCrunch that the company had notified a “limited number of customers” whose systems were accessed during the incident.

“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” Treasury spokesperson Michael Gwin told TechCrunch.

According to Reuters, the Chinese embassy in Washington has denied all allegations, saying that the People’s Republic of China (PRC) “firmly opposes the U.S.’s smear attacks against China without any factual basis”.

Tom Hegel, a security expert and researcher at cybersecurity firm SentinelOne, told the press agency that the incident fits “a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services - a method that has become increasingly prominent in recent years”.

