(NewsNation) — A Chinese state-sponsored hacker accessed U.S. Treasury workstations and stole documents in a “major incident” in early December, a letter sent to lawmakers and reviewed by NewsNation confirmed.
The Treasury Department was notified on Dec. 8, 2024, that a bad actor had “gained access to a key” used by a third-party software service provider, BeyondTrust.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter reads in part.
With this key, the hacker was able to override security measures, remotely access workstations and access “certain unclassified documents” from users.
The Treasury Department said it is working with the U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation to “fully characterize the incident and determine its overall impact.”
A BeyondTrust spokesperson shared the following statement with NewsNation:
“BeyondTrust previously identified and took measures to address a security incident in early December 2024 that involved the Remote Support product. BeyondTrust notified the limited number of customers who were involved, and it has been working to support those customers since then. No other BeyondTrust products were involved. Law enforcement was notified and BeyondTrust has been supporting the investigative efforts. BeyondTrust posted information regarding the incident and the on-going investigation on its website on December 8, 2024, including a summary, timeline, and indicators. The security advisory has been updated since then as part of BeyondTrust’s commitment to updating customers through the completion of this matter.”
As of Dec. 30, the BeyondTrust service is offline, according to the letter.
The department also assured lawmakers that “there is no evidence indicating the threat actor has continued access to Treasury information.”
