The U.S. Treasury department said a state-sponsored Chinese hacking operation was able to use third-party software to access the desktop computers of Treasury employees in what the department is calling “a major incident.”
In a letter seen by NBC News, Aditi Hardikar, assistant secretary for management of the U.S. Department of the Treasury, wrote that the office was notified on Dec. 8 of the breach. The letter is addressed to Sen. Sherrod Brown, D-Ohio, and Sen. Tim Scott, R-S.C., the chairman and ranking member, respectively, of the Committee on Banking, Housing and Urban Affairs.
Hardikar wrote that the U.S. Treasury was told by “a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”
With this access, the “threat actor” was able to override certain security measures and access the department office user workstations. The information accessed by the “threat actor” was unclassified documents.
The U.S. Treasury has been working with Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and other members of the intelligence community, as well as “third-party forensic investigators to fully characterize the incident and determine its overall impact,” according to the letter.
In a statement to NBC News, a Treasury spokesperson reiterated the contents of the letter, saying that “The compromised BeyondTrust service has been taken offline” and that there is “no evidence indicating the threat actor has continued access to Treasury systems or information.” The spokesperson said the department is working in coordination with other agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency to “ascertain the impact of this incident.”
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” the statement reads in part.
Fellow agencies helped the U.S. Treasury deduce that the breach came from a Chinese hackers, according to the letter.
The letter states a supplemental report will be made available in 30 days.
This is a developing story. Please check back for updates.
