US Treasury Identifies China State-Sponsored Actor Behind Cyber Breach, Raises Alarm Over Growing Internet Threats

The US Treasury Department revealed on Monday (30 December) that a China state-sponsored actor was responsible for a recent cyber breach that accessed some of its workstations.

The incident, disclosed in a letter to US Congress, occurred earlier this month when the actor compromised a third-party cybersecurity service provider.

Through this breach, the actor remotely accessed Treasury workstations and unclassified documents, according to a Treasury spokesperson. Treasury was alerted by its provider, BeyondTrust, and subsequently contacted the US Cybersecurity and Infrastructure Security Agency (CISA). The department is now collaborating with law enforcement to assess the impact of the breach.

"The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information," said the Treasury spokesperson.

In its communication to Senate Banking Committee leadership, the Treasury stated, "Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor."

An APT refers to a sophisticated cyberattack where intruders gain unauthorised access to a target and remain undetected for an extended period.

While the department did not specify what was affected in the breach, it announced plans to release further details in a supplemental report.

"Treasury takes very seriously all threats against our systems, and the data it holds," the spokesperson added, emphasising the department's commitment to safeguarding the US financial system.

The breach adds to growing concerns over Chinese-government-backed hacking activities targeting governments, militaries, and businesses worldwide.

In September, the US Justice Department neutralized a cyber-attack network allegedly operated by China-backed hackers, affecting 2 lakh devices globally.

Earlier, in February, US authorities dismantled "Volt Typhoon," a hacking network targeting public sector infrastructure, including water treatment plants and transportation systems.

In 2023, Microsoft disclosed that Chinese-based hackers, identified as Storm-0558, breached email accounts of approximately 25 organisations, including US government agencies. The State Department and Commerce Secretary Gina Raimondo were among those affected.

Beijing has consistently denied these allegations, stating its opposition to all forms of cyberattacks.