The US Department of Treasury disclosed that a state-sponsored Chinese hacking operation was able to breach desktop computers of Treasury employees through a third-party software, leading to the access of unclassified documents. The incident was reported to Senators Sherrod Brown and Tim Scott on December 8 and is being investigated by the department, the Cybersecurity and Infrastructure Security Agency, the FBI, and other intelligence agencies.
According to a letter from Assistant Secretary Aditi Hardikar, the breach occurred when a threat actor gained access to a cloud-based service used to provide technical support for Treasury Department employees. The actor was able to bypass security measures and access user workstations.
The Treasury has taken the compromised service offline and found no evidence that the actor has continued access to Treasury systems or information. The department has also bolstered its cyber defense over the past four years and will continue to work with private and public sector partners to protect the financial system from threat actors.
A supplemental report will be made available in 30 days, detailing the extent of the breach and the actions being taken to prevent future incidents.
