China hacks U.S. Treasury Department in major breach

The Biden administration announced on Monday, December 30, that a Chinese state-sponsored hacking group infiltrated the U.S. Treasury Department, gaining access to government employees’ workstations and unclassified documents. The breach is the latest in a string of sophisticated surveillance operations targeting major U.S. institutions.

In a letter to lawmakers, the Treasury disclosed that the attack was discovered on December 8 by BeyondTrust, a third-party software service company. The hackers reportedly obtained a security key that allowed remote access to specific Treasury workstations.

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the Treasury stated, labeling the intrusion a “major cybersecurity incident.”

While the precise objectives of the hackers remain unclear, senior officials have indicated that the operation appears focused on espionage rather than attempts to disrupt critical infrastructure. Treasury officials oversee sensitive data related to global financial systems, sanctions, and insights into China’s economic challenges—information of high interest to Beijing.

This breach follows earlier incidents where Chinese intelligence accessed the email accounts of Commerce Secretary Gina Raimondo and other U.S. officials involved in decisions on export controls for advanced technologies. The hacking group, identified as Salt Typhoon, has also penetrated U.S. telecommunications firms, compromising phone conversations, text messages, and even a near-complete list of phone numbers under Justice Department surveillance.

Among the targets were unencrypted lines used by top U.S. officials, raising counterintelligence concerns about Beijing’s ability to discern which Chinese spies are under investigation.

The Treasury said it collaborated with the FBI, intelligence agencies, and other investigators to assess the breach. The compromised service has been taken offline, and officials believe the hackers no longer have access to Treasury systems.

In a statement, a Treasury spokesperson emphasized the department’s commitment to protecting its systems and data, noting ongoing efforts to enhance cybersecurity in collaboration with public and private sectors.

The timing of the breach disclosure is particularly sensitive, as the U.S. recently dealt with the Salt Typhoon attack on telecommunications infrastructure. That hack prompted the Commerce Department to announce a ban on the remaining operations of China Telecom in the United States.

Chinese officials have consistently denied involvement in hacking and have engaged in dialogues with the U.S. on cybersecurity cooperation. Earlier this month, Treasury representatives visited China to discuss economic and cybersecurity issues, highlighting the ongoing complexity of U.S.-China relations in the digital age.

The Treasury Department has promised to provide further details about the breach in an upcoming report to Congress.