China-backed hackers reportedly breached several U.S. Treasury Department workstations, according to the agency, which notified lawmakers about the hack.
This development comes after Chinese hackers targeted a number of major corporations as part of a broader cyberespionage effort. CNN reviewed the memo the agency sent to lawmakers.
In a letter reviewed by CNN, a Treasury official said it was informed by a third-party software service provider on December 8 that a threat actor used a stolen key to remotely access certain Treasury workstations and unclassified documents.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Aditi Hardikar, assistant secretary for management at the US Treasury, wrote in the letter.
A Treasury spokesperson said in a statement to CNN that the compromised service has been taken offline and officials are working with law enforcement and the Cybersecurity and Infrastructure Security Agency (CISA).
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” the Treasury spokesperson said.
According to the letter to Senate Banking Committee leadership, the third-party software service provider, BeyondTrust, said hackers gained access to a key used by the vendor to secure a cloud-based service that Treasury uses for technical support.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury [Departmental Office] user workstations, and access certain unclassified documents maintained by those users,” the Treasury letter said.
These breaches are considered a “major cybersecurity incident,” according to Hardikar.
A China-linked cyberespionage operation known as Salt Typhoon recently hacked AT&T and Verizon, Reuters reported. An AT&T spokesperson said the company detected “no activity by nation-state actors in our networks at this time” and that “the People’s Republic of China targeted a small number of individuals of foreign intelligence interest.”
Verizon’s Chief Legal Officer issued a statement saying the company “has contained the activities associated with this particular incident.”
Chinese officials denied involvement in the hacking operations, saying the CCP “firmly opposes and combats cyber attacks and cyber theft in all forms.”
However, the Chinese government has carried out similar operations on multiple occasions over the past two decades.
China-linked hackers in 2003 began a series of coordinated cyber offensives against U.S. defense contractors, including Lockheed Martin and Sandia National Laboratories. The operation, known as “Titan Rain,” also went after various British government agencies, according to The Guardian.
The Ministry of Defence declined yesterday to say whether it had been hit. An incident last year that shut down part of the House of Commons computer system, initially believed to be by an individual, was discovered to be the work of an organised Chinese hacking group, officials said.
Security and defence officials are coy about what they know of specific attacks. However, they say several Whitehall departments have fallen victim to China's cyberwarriors. One expert described it as a "constant ongoing problem".
The disclosures came after reports that the Chinese military had hacked into a Pentagon military computer network in June. The Financial Times said American officials called it the most successful cyber attack on the US defence department.
A federal investigation into Chinese efforts to hack American telecommunications companies revealed a startling pattern of obtaining information from government officials. The FBI explained that China-backed hackers breached “multiple” telecommunications companies to obtain call records and to access private communications between specific individuals.