The U.S. Treasury Department recently experienced a significant cybersecurity breach attributed to Chinese state-sponsored hackers. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the incident remained isolated to the Treasury Department, with no other federal agencies affected.
The breach, discovered on December 8th, was carried out through a compromised BeyondTrust remote support system, which the attackers accessed using a stolen SaaS API key. Attackers specifically targeted two key departments:
– Office of Foreign Assets Control (OFAC), which manages sanctions programs
– Office of Financial Research
Intelligence suggests the hackers aimed to gather information about potential U.S. sanctions against Chinese entities. While the full impact is still under investigation, officials confirmed that access was terminated after the compromised BeyondTrust instance was shut down.
The Treasury Department classified this as a “major cybersecurity incident” due to its attribution to a Chinese Advanced Persistent Threat (APT) actor. CISA continues to monitor the situation and coordinate with federal authorities to ensure comprehensive security measures are in place, emphasizing the critical importance of protecting federal systems and data for national security.