Image: Unsplash/Treasury [Martin Matishak](/author/martin-matishak)December 30th, 2024 Beijing-linked hackers penetrated Treasury systems==================================================A Chinese state-sponsored actor was responsible for a ‘major incident’ that compromised U.S. Treasury Department workstations and classified documents, according to a letter the agency sent congressional lawmakers on Monday.In a missive to the Senate Banking Committee, the department said it was notified on December 8 by BeyondTrust, a third-party software provider, that a foreign actor had obtained a security key that allowed the perpetrator to remotely gain access to employee workstations and the classified documents stored on them.’Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,’ according to the letter from Aditi Hardikar, assistant Treasury secretary for management.It did not specify the number of impacted workstations or the kind of documents caught in the hack. It also did not say when the initial breach occurred.The compromised service ‘has been taken offline and at this time there is no evidence indicating the threat actor has continued access to Treasury information,’ it adds.The notification comes as Washington remains on edge over the recent disclosures that Chinese-linked hackers known as Volt Typhoon and Salt Typhoon have burrowed into U.S. critical infrastructure and penetrated the networks of [at least nine telecommunication companies](https://therecord.media/nine-us-companies-hacked-salt-typhoon-china-espionage), respectively.In response, the Biden administration and Capitol Hill lawmakers are readying a series of policy moves, including a vote next month by the Federal Communications Commission that may set minimum cybersecurity standards for telecom firms.Treasury said it is working with the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) to resolve the intrusion. * [](https://twitter.com/intent/tweet?text=Beijing-linked hackers penetrated Treasury systems%20%20@TheRecord_Media)* [](https://www.linkedin.com/shareArticle?mini=true&url=&title=Beijing-linked hackers penetrated Treasury systems)* [](https://www.facebook.com/sharer/sharer.php?u=&src=sdkpreparse)* [](https://www.reddit.com/submit?url=)* [](https://news.ycombinator.com/submitlink?u=&t=Beijing-linked hackers penetrated Treasury systems)* [](https://bsky.app/intent/compose?text=Beijing-linked hackers penetrated Treasury systems ) * [Government](/news/government)* [Cybercrime](/news/cybercrime)* [Nation-state](/news/nation-state)* [News](/)* [Technology](/news/technology) Get more insights with the Recorded Future Intelligence Cloud.[Learn more.](https://www.recordedfuture.com/platform?mtm_campaign=ad-unit-record) Tags* [Treasury Department](/tag/treasury-department)* [China](/tag/china)* [Salt Typhoon](/tag/salt-typhoon)* [Volt Typhoon](/tag/volt-typhoon) No previous article No new articles  [Martin Matishak](/author/martin-matishak) is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers. [](https://twitter.com/martinmatishak)
Related Tags:
DEV-0391
UNC3236
Voltzite
Vanguard Panda
NAICS: 921 – Executive
Legislative
Other General Government Support
NAICS: 518 – Computing Infrastructure Providers
Data Processing
Web Hosting
Related Services
NAICS: 92 – Public Administration
NAICS: 51 – Information
NAICS: 928 – National Security And International Affairs
Associated Indicators: