The U.S. Treasury Department said that a hacker group, backed by China, was able to target its employees’ computer software. The U.S. agency described the incident in question as “a major incident.”
In a letter viewed by NBC News, Aditi Hardikar, the department’s assistant secretary for management, wrote that the office was informed on Dec. 8 of the breach. The missive is addressed to Democratic Senator Sherrod Brown, and Republican Senator Tim Scott, the chairman and ranking member, respectively, of the Committee on Banking, Housing and Urban Affairs.
The information accessed by the hackers included unclassified documents. Hardikar also said that the Treasury Department was informed by “a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”
Hackers, therefore, were able to overcome some security measures and gain access to the department’s user workstations. The agency is now is working with the Cybersecurity and Infrastructure Security Agency, the FBI and other members of the intelligence community, as well as third-party forensic investigators, to fully characterize the incident and determine its overall impact.
A Treasury spokesman further stated that “the compromised BeyondTrust service has been taken offline” and that there is “no evidence indicating the threat actor has continued access to Treasury systems or information.”
“Treasury takes very seriously all threats against our systems, and the data it holds”, he added. “Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”