Jeffrey A. Newman
The US Treasury Department has notified lawmakers that a China state-sponsored actor infiltrated Treasury workstations. Officials are calling it a “major incident.” According to news reports, the threat actor used a stolen key to remotely access certain Treasury workstations and unclassified documents.
Treasury officials plan to hold a classified briefing about the breach next week with staffers from the House Financial Services Committee, a senior committee staffer told CNN. The exact timing of the briefing has not been set yet.
The Treasury Department said it had worked with the F.B.I., the intelligence community and other investigators to determine the impact of the latest breach. The compromised service has been taken offline, and there is no evidence that the Chinese hackers still have access to Treasury information, the department said. The department monitors global financial systems and economies, and in recent years has levied US sanctions against China.
According to the letter to Senate Banking Committee leadership, the third-party software service provider, BeyondTrust, said hackers gained access to a key used by the vendor to secure a cloud-based service that Treasury uses for technical support. “With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” the Treasury letter said. It’s not clear exactly how many workstations were infiltrated. However, the Treasury spokesperson said in the statement that “several” Treasury user workstations were accessed.
“Even though the Treasury says the Chinese only got unclassified documents, we’ve got to remember that a hack of the Treasury sends shudders not just across the U.S., but across the world. Countries rely on the dollar, can you rely on the stability of the American financial markets?” said China expert Gordon Chang. A hack of telecoms companies in December potentially accessed phone record data across large swathes of American society.
The Treasury Department said in its letter to lawmakers that this latest attack involved China-based actors overriding security via a key used by a third-party service provider. The provider's application offers remote technical support to Treasury employees.
The FBI recently warned that the threat posed by Chinese hacking operations to U.S. critical infrastructure has become more urgent, as intelligence agencies have said that groups like Volt Typhoon are preparing for the possibility of widespread disruptive actions as early as 2027.
Jeff Newman, JD, MBA, represents whistleblowers nationwide relating to customs and tariff fraud concerning imported Chinese goods, as well as corporate whistleblowers in major claims under the False Claims Act (Qui Tam) and the SEC, CFTC and FINCEN whistleblower programs. He can be reached at Jeff@JeffNewmanLaw.com or at 617-823-3217.