The US Treasury Department has reported a significant cyberattack attributed to a China-based state-sponsored Advanced Persistent Threat (APT) actor. The breach, first discovered on December 8, targeted the department’s workstations and unclassified documents, as detailed by The New York Times.
The incident came to light when BeyondTrust, a third-party software provider, informed the Treasury that a security key used for technical support had been exploited to gain unauthorized access to sensitive systems. In a letter shared with lawmakers, the Treasury revealed that it is working closely with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to fully investigate the breach. However, the exact duration of the hack and the specific files or data accessed have not been disclosed.
This attack follows a separate breach from October 2024, in which a Chinese hacking group named “Salt Typhoon” infiltrated US telecom carriers. That breach exposed unencrypted SMS messages and call logs from government officials and other high-profile targets for months before it was discovered.
The recent breach highlights ongoing concerns over the security of vital government infrastructure, with investigations continuing as authorities work to understand the full extent of the attack.