Threat Intel Solutions

Chinese-sponsored hackers accessed Treasury documents in ‘major incident’========================================================================= carterdayne/Getty Images | Get the latest federal technology news delivered to your inbox.||
|| email | Register for Newsletter*** ** * ** ***Stay Connected [](https://twitter.com/NextgovFCW)[](https://www.facebook.com/NextgovFCW/)[](https://www.linkedin.com/company/nextgovfcw/)[](/rss/all/) Featured eBooks  [Health Tech](/assets/health-tech-q424/portal/) [Read Now](/assets/health-tech-q424/portal/)  ### [Next-Generation Computing](/assets/next-generation-computing/portal/)[Read Now](/assets/next-generation-computing/portal/)  ### [Space Tech](/assets/space-tech-q324/portal/)[Read Now](/assets/space-tech-q324/portal/) Insights -& Reports  [Enabling AI at the Edge for the Public Sector](/assets/enabling-ai-edge-public-sector/portal/?oref=ng-sidebar-insights-reports) [Presented By Carahsoft](/assets/enabling-ai-edge-public-sector/portal/?oref=ng-sidebar-insights-reports) [Download Now](/assets/enabling-ai-edge-public-sector/portal/?oref=ng-sidebar-insights-reports)  [Red Hat 5 Questions – Mission Edge](/assets/red-hat-5-questions-edge.png?oref=ng-sidebar-insights-reports) [Presented By Red Hat](/assets/red-hat-5-questions-edge.png?oref=ng-sidebar-insights-reports) [Download Now](/assets/red-hat-5-questions-edge.png?oref=ng-sidebar-insights-reports)  By [David DiMolfetta](/voices/david-dimolfetta/25968/?oref=ng-post-author), Cybersecurity Reporter, Nextgov/FCW * [](https://twitter.com/share?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&text=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99&via=Nextgov)* [](http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&mini=true&summary=The+incident+comes+in+the+final+days+of+the+Biden+presidency+and+as+officials+work+to+root+out+China-tied+hackers+from+U.S.+telecommunications+systems.&source=Nextgov.com&title=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99)* [](https://www.facebook.com/dialog/feed?picture=https%3A%2F%2Fcdn.nextgov.com%2Fmedia%2Fimg%2Fcd%2F2024%2F12%2F30%2F123024TreasuryNG%2F860x394.jpg&name=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99&app_id=622609557824468&redirect_uri=https%3A%2F%2Fwww.nextgov.com&link=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&display=popup&description=The+incident+comes+in+the+final+days+of+the+Biden+presidency+and+as+officials+work+to+root+out+China-tied+hackers+from+U.S.+telecommunications+systems.)* [](mailto:?body=The%20incident%20comes%20in%20the%20final%20days%20of%20the%20Biden%20presidency%20and%20as%20officials%20work%20to%20root%20out%20China-tied%20hackers%20from%20U.S.%20telecommunications%20systems.%0A%0Ahttps%3A//www.nextgov.com/cybersecurity/2024/12/chinese-sponsored-hackers-accessed-treasury-documents-major-incident/401899/&subject=Nextgov.com%3A%20Chinese-sponsored%20hackers%20accessed%20Treasury%20documents%20in%20%E2%80%98major%20incident%E2%80%99) By [David DiMolfetta](/voices/david-dimolfetta/25968/?oref=ng-post-author?oref=rf-post-author)-| December 30, 2024 05:59 PM ETThe incident comes in the final days of the Biden presidency and as officials work to root out China-tied hackers from U.S. telecommunications systems.——————————————————————————————————————————————————-* [Treasury](/topic/treasury-department/?oref=ng-article-topics)* [Cyber Threats](/topic/cyber-threats/?oref=ng-article-topics)* [Data Breaches](/topic/data-breaches/?oref=ng-article-topics)* [](https://twitter.com/share?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&text=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99&via=Nextgov)* [](http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&mini=true&summary=The+incident+comes+in+the+final+days+of+the+Biden+presidency+and+as+officials+work+to+root+out+China-tied+hackers+from+U.S.+telecommunications+systems.&source=Nextgov.com&title=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99)* [](https://www.facebook.com/dialog/feed?picture=https%3A%2F%2Fcdn.nextgov.com%2Fmedia%2Fimg%2Fcd%2F2024%2F12%2F30%2F123024TreasuryNG%2F860x394.jpg&name=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99&app_id=622609557824468&redirect_uri=https%3A%2F%2Fwww.nextgov.com&link=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&display=popup&description=The+incident+comes+in+the+final+days+of+the+Biden+presidency+and+as+officials+work+to+root+out+China-tied+hackers+from+U.S.+telecommunications+systems.)* [](mailto:?body=The%20incident%20comes%20in%20the%20final%20days%20of%20the%20Biden%20presidency%20and%20as%20officials%20work%20to%20root%20out%20China-tied%20hackers%20from%20U.S.%20telecommunications%20systems.%0A%0Ahttps%3A//www.nextgov.com/cybersecurity/2024/12/chinese-sponsored-hackers-accessed-treasury-documents-major-incident/401899/&subject=Nextgov.com%3A%20Chinese-sponsored%20hackers%20accessed%20Treasury%20documents%20in%20%E2%80%98major%20incident%E2%80%99)Chinese government-aligned hackers accessed Treasury Department workstations in a ‘major incident’ that involved the compromise of a third-party provider, according to a letter reviewed by *Nextgov/FCW* and confirmed in a statement by Treasury on Friday.The [letter](https://www.nextgov.com/media/general/2024/12/12.30.2024_letter_to_chairman_brown_and_ranking_member_scott.pdf) addressed to leaders on the Senate Banking Committee says that on Dec. 8 BeyondTrust, a provider of cloud security services, alerted Treasury to a breach where hackers had obtained a key used to secure a cloud-based service for remotely supporting Treasury Departmental Offices users.Using the stolen key, the attacker bypassed the service’s security, remotely accessed Treasury workstations and retrieved certain unclassified documents stored by those users.’The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,’ the agency said in a statement.’Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,’ it adds.Agence France-Presse, the French international news agency, [first reported](https://x.com/AFP/status/1873821649046560847) the hack. The letter says that, according to available indicators, ‘the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.’ The specific hacking unit is not named.APTs are a moniker used in the cybersecurity community to denote hacking collectives that operate with advanced technical capabilities, persistent attack strategies and often with the financial backing of nation-states.Treasury has been in contact with the intelligence community, the FBI and the Cybersecurity and Infrastructure Security Agency regarding the incident. CISA referred *Nextgov/FCW* to Treasury for comment, while the FBI and BeyondTrust did not immediately return requests for comment.A Chinese embassy spokesperson vehemently denied the contents of the letter and said China firmly opposes U.S. ‘smear attacks’ against China. ‘The U.S. needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,’ spokesperson Liu Pengyu said in a statement.Pengyu added that, during a meeting between President Biden and President Xi Jinping in Peru at the APEC Summit last month, Xi said there’s ‘no evidence that supports the irrational claim of the so-called ”cyberattacks from China.”Biden [raised the question](https://www.nytimes.com/2024/11/22/us/politics/chinese-hack-telecom-white-house.html#:~:text=or%20sensitive%20emails.-,The%20hack%20was%20considered%20so%20severe%20that%20President%20Biden%20took%20it,up%2C%E2%80%9D%20Mr.%20Sullivan%20told%20reporters%2C%20though%20he%20declined%20to%20provide%20details.,-There%20are%20limits) of hacking to Xi following a sweeping China-tied intrusion in U.S. [telecommunications systems](https://www.nextgov.com/cybersecurity/2024/12/major-cyber-news-drops-under-buzzer-2024/401889/?oref=ng-category-lander-top-story#:~:text=Ninth%20U.S.%20telecom%20provider%20falls%20victim%20to%20Chinese%20hackers) that has unfolded over the past couple months and not fully been eradicated.Those telecom hacks, from a group dubbed Salt Typhoon by cybersecurity researchers, have hit nine providers in the U.S. and dozens of others abroad, and have targeted key political figures in the D.C. beltway. Share This:* [](https://twitter.com/share?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&text=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99&via=Nextgov)* [](http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&mini=true&summary=The+incident+comes+in+the+final+days+of+the+Biden+presidency+and+as+officials+work+to+root+out+China-tied+hackers+from+U.S.+telecommunications+systems.&source=Nextgov.com&title=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99)* [](https://www.facebook.com/dialog/feed?picture=https%3A%2F%2Fcdn.nextgov.com%2Fmedia%2Fimg%2Fcd%2F2024%2F12%2F30%2F123024TreasuryNG%2F860x394.jpg&name=Chinese-sponsored+hackers+accessed+Treasury+documents+in+%E2%80%98major+incident%E2%80%99&app_id=622609557824468&redirect_uri=https%3A%2F%2Fwww.nextgov.com&link=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2024%2F12%2Fchinese-sponsored-hackers-accessed-treasury-documents-major-incident%2F401899%2F&display=popup&description=The+incident+comes+in+the+final+days+of+the+Biden+presidency+and+as+officials+work+to+root+out+China-tied+hackers+from+U.S.+telecommunications+systems.)* [](mailto:?body=The%20incident%20comes%20in%20the%20final%20days%20of%20the%20Biden%20presidency%20and%20as%20officials%20work%20to%20root%20out%20China-tied%20hackers%20from%20U.S.%20telecommunications%20systems.%0A%0Ahttps%3A//www.nextgov.com/cybersecurity/2024/12/chinese-sponsored-hackers-accessed-treasury-documents-major-incident/401899/&subject=Nextgov.com%3A%20Chinese-sponsored%20hackers%20accessed%20Treasury%20documents%20in%20%E2%80%98major%20incident%E2%80%99)**NEXT STORY:** [Major cyber news drops under the buzzer for 2024](/cybersecurity/2024/12/major-cyber-news-drops-under-buzzer-2024/401889/?oref=ng-next-story) | [Human operators must be held accountable for AI’s use in conflicts, Air Force secretary says](/artificial-intelligence/2023/12/human-operators-must-be-held-accountable-ais-use-conflicts-air-force-secretary-says/392457/?oref=ng-earthbox-post) | [Why NIST is prioritizing creating a dictionary of AI development](/artificial-intelligence/2023/12/why-nist-prioritizing-creating-dictionary-ai-development/392427/?oref=ng-earthbox-post) | [SSA restructures tech shop to center on the CIO](/modernization/2023/11/ssa-restructures-tech-shop-center-cio/392377/?oref=ng-earthbox-post) | [How a push to the cloud helped a Ukrainian bank keep faith with customers amid war](/modernization/2023/11/how-push-cloud-helped-ukrainian-bank-keep-faith-customers-amid-war/392375/?oref=ng-earthbox-post) | [The people problem behind the government’s AI ambitions](/artificial-intelligence/2023/11/people-problem-behind-governments-ai-ambitions/392212/?oref=ng-earthbox-post) | [sponsor content| Streamlining public health: How the FDA is leveraging cloud solutions](https://www.govexec.com/assets/streamlining-public-health-how-fda-leveraging-clou/portal/) | [Human operators must be held accountable for AI’s use in conflicts, Air Force secretary says](/artificial-intelligence/2023/12/human-operators-must-be-held-accountable-ais-use-conflicts-air-force-secretary-says/392457/?oref=ng-earthbox-post) | [Why NIST is prioritizing creating a dictionary of AI development](/artificial-intelligence/2023/12/why-nist-prioritizing-creating-dictionary-ai-development/392427/?oref=ng-earthbox-post) | [SSA restructures tech shop to center on the CIO](/modernization/2023/11/ssa-restructures-tech-shop-center-cio/392377/?oref=ng-earthbox-post) | [How a push to the cloud helped a Ukrainian bank keep faith with customers amid war](/modernization/2023/11/how-push-cloud-helped-ukrainian-bank-keep-faith-customers-amid-war/392375/?oref=ng-earthbox-post) | [The people problem behind the government’s AI ambitions](/artificial-intelligence/2023/11/people-problem-behind-governments-ai-ambitions/392212/?oref=ng-earthbox-post) | [sponsor content| | Streamlining public health: How the FDA is leveraging cloud solutions](https://www.govexec.com/assets/streamlining-public-health-how-fda-leveraging-clou/portal/)

Related Tags:
NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

NAICS: 51 – Information

Blog: NextGov

Create or Modify System Process: Windows Service

Create or Modify System Process

Software Discovery: Security Software Discovery

Software Discovery

Associated Indicators: