WASHINGTON: In a high-stakes game of cyber espionage, Chinese state-sponsored hackers reportedly outmaneuvered the US Treasury Department’s digital defenses earlier this month, gaining access to sensitive yet unclassified documents. According to a letter shared with lawmakers and later obtained by Reuters, Treasury officials labeled the breach a “major incident.”
The attackers infiltrated BeyondTrust, a third-party cybersecurity provider, exploiting a stolen digital key to override security protocols. This allowed them to remotely access workstations of Treasury Departmental Office (DO) users and retrieve certain unclassified files. Treasury officials identified the perpetrators as part of a China-backed Advanced Persistent Threat (APT) group.
Beijing swiftly dismissed the allegations, branding them as baseless. Chinese foreign ministry spokeswoman Mao Ning reiterated China’s stance against all forms of hacking, accusing the US of spreading “groundless claims” for political gain. “We firmly oppose these smear campaigns that lack evidence,” she said.
The breach, first detected by BeyondTrust on December 8, prompted immediate collaboration between the Treasury Department, the US Cybersecurity and Infrastructure Security Agency (CISA), and the FBI to assess the fallout. While Treasury officials declined further comment, BeyondTrust confirmed it had addressed the security lapse, notified affected clients, and involved law enforcement.
Tom Hegel, a cybersecurity expert at SentinelOne, noted that the attack aligns with a broader pattern of operations by China-linked groups. These groups are increasingly leveraging trusted third-party services to bypass defenses—a strategy that has gained traction in recent years.
Despite Beijing’s denials, the incident highlights escalating tensions in the digital domain, with accusations flying and trust between global powers hanging by a thread.
NEWS DESK
PRESS UPDATE