U.S. Treasury Declares “Major Incident” Over Cyberattack

Cyber attackers, alleged to be backed by the Chinese government, have breached the U.S. Treasury, prompting significant security concerns.

At a Glance

  • The U.S. Treasury was hit by a cyberattack, allegedly linked to a Chinese-backed group.
  • The breach occurred through a third-party vendor, BeyondTrust.
  • Stolen documents and breached systems have led to the attack being labeled a “major incident.”
  • The U.S. government and BeyondTrust are investigating further.

Cyberattack on the US Treasury

The US Treasury Department recently reported a cyberattack deemed a “major incident.” This breach, attributed to a Chinese government-backed group, involved the theft of documents and the compromise of Treasury systems. The attackers allegedly gained access through a third-party cybersecurity service provider, BeyondTrust. BeyondTrust's service provided remote access to Treasury systems, and the attackers abused that access to override parts of those systems.

The security breach initially came to light on December 2, and the department was notified by December 8. BeyondTrust took three days to determine that its service had been compromised. Compromised workstations and servers have since been removed from the network as an immediate protective measure.

Suspicions and Denials

Initial analysis suggests the cyberattack was carried out by a “China-based Advanced Persistent Threat Actor.” China has denied such accusations, describing them as “baseless,” and the Chinese embassy in Washington, DC criticized the U.S. for allegedly defaming China over cybersecurity issues. The breach was confirmed by the Treasury on December 30, 2024, after BeyondTrust’s alert.

BeyondTrust has already executed its disaster recovery plan to mitigate the attack’s damage; the attack was sophisticated enough to exploit vulnerabilities in its software. A supplemental report is due within 30 days and is expected to provide further details on the files stolen during the breach.

Geopolitical Implications

The U.S. Treasury attack follows a recent telecoms breach affecting nine major US telecommunications firms, also attributed to Chinese sources. The Chinese group Salt Typhoon has been identified in these incidents. President-elect Trump has vowed retribution for these breaches, with the incoming administration expected to respond strongly to foreign cyber intrusions.

The U.S. plans to counter China’s growing technological dominance, potentially including retaliatory cyberattacks. Strengthening cybersecurity defenses is deemed crucial for preventing further economic and political disruptions amid escalating geopolitical tensions.
