Chinese hackers remotely accessed several US Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency has said.
The department did not provide details on how many workstations had been accessed or what sort of documents the hackers may have obtained, but it said in a letter to politicians revealing the breach that “at this time there is no evidence indicating the threat actor has continued access to Treasury information”.
It said the hack was being investigated as a “major cybersecurity incident”.
“Treasury takes very seriously all threats against our systems, and the data it holds,” the department said. “Over the last four years, Treasury has significantly bolstered its cyber defence, and we will continue to work with both private and public sector partners to protect our financial system from threat actors.”
The department said it learned of the problem on December 8 when a third-party software service provider, BeyondTrust, flagged that hackers had stolen a key used by the vendor that helped it override the system and gain remote access to several employee workstations.
The compromised service has since been taken offline, and there is no evidence that the hackers still have access to department information, Aditi Hardikar, an assistant Treasury secretary, said in the letter to leaders of the Senate Banking Committee on Monday.
The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency, and that the hack had been attributed to Chinese culprits. It did not elaborate.
The revelation came as US officials continue to grapple with the fallout of a massive Chinese cyberespionage campaign known as Salt Typhoon that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.
A top White House official said on Friday that the number of telecommunications companies affected by the hack has now risen to nine.
