On December 30, 2024, the United States Treasury Department confirmed a cyber breach attributed to a state-sponsored actor from China. The incident occurred earlier this month when the attacker compromised the systems of an external cybersecurity service provider, gaining remote access to government workstations and some unclassified documents.
A Treasury spokesperson indicated that the department contacted the Cybersecurity and Infrastructure Security Agency after being alerted by their provider, BeyondTrust. They are currently collaborating with federal authorities to assess the impact of the intrusion.
The compromised BeyondTrust service has been disconnected, and there is no evidence suggesting that the threat actor retained access to the Treasury's systems or information. In a letter to Senate Banking Committee leaders, the Treasury Department noted that, based on available indicators, the incident has been linked to an Advanced Persistent Threat (APT) actor sponsored by the Chinese government.
While further details on the extent of the attack have not been disclosed, the Treasury assured that additional information would be released in a forthcoming supplemental report.