Treasury Hack Highlights Growing Risks Of Vendor Exploits

Chinese state-sponsored hackers have breached the U.S. Treasury Department, accessing unclassified documents via a vulnerability in a third-party cybersecurity vendor. The incident has been described as a “major breach” in a letter sent to lawmakers.

The attackers used a compromised key associated with BeyondTrust’s cloud-based service to bypass security controls. This allowed them to remotely access Treasury workstations and retrieve documents stored by departmental employees.

BeyondTrust alerted the Treasury Department to the breach on December 8. Treasury has since collaborated with the FBI and CISA to assess the impact and implement additional safeguards. “Over the last four years, Treasury has significantly bolstered its cyber defense,” the department stated.

Cybersecurity analysts believe the attack reflects a broader trend of state-sponsored hacking by Chinese groups. SentinelOne’s Tom Hegel remarked that targeting trusted third-party services has become an increasingly prominent method for infiltrating sensitive systems.

The Chinese government has denied involvement, with its embassy in Washington dismissing the allegations as unfounded. BeyondTrust has confirmed a security breach affecting some clients, though it has not directly linked the incident to the Treasury hack.

Officials have deactivated the affected service, and initial findings suggest that the breach has been contained.