US Treasury accuses Chinese hackers of stealing documents

Chinese state-sponsored hackers have breached the US Treasury office that administers economic sanctions against countries and groups of individuals, according to reporting from the Washington Post.

Earlier this week, the US Treasury Department revealed that it had been hacked by Chinese hackers, who had accessed several employee workstations and unclassified documents.

A letter by the treasury stated that the hackers compromised third-party cybersecurity service provider BeyondTrust in order to steal unclassified documents in what it called a “major incident.”

It detailed that the hackers gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.

With the stolen key, the threat actor was able to override the service’s security and remotely access user workstations.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter read.

The Treasury Department said it was alerted to the breach by BeyondTrust on December 8, and it was working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact of the hack.

The letter added that there was no evidence that the hacker was still in its systems.

The Washington Post has since spoken to anonymous US officials who said the attackers compromised the Office of Foreign Assets Control and the Office of Financial Research and also targeted the office of US Treasury Secretary Janet Yellen.

According to the report, US officials said that the Chinese government’s motivation would likely be to find out what Chinese entities the US government is considering designating for financial sanctions.

In response to the report, spokesperson for the Chinese Embassy in Washington, Liu Pengyu, said that the “irrational” US claim was “without any factual basis” and represented “smear attacks” against Beijing.

The spokesperson added that China “combats all forms of cyber-attacks”.

The US Treasury has not responded to a request for comment on the report.