Documents and workstations at the US Treasury Department were accessed during the cyberattack, The New York Times reports. The attack was linked to a “China state-sponsored Advanced Persistent Threat actor” and characterized as “a major cybersecurity incident.”
According to a letter shared by the Treasury Department with lawmakers (via TechCrunch), US officials became aware of the issue on December 8, when BeyondTrust, a third-party software company, shared a security key used to provide technical support to access workstations and unidentified documents.
The Treasury Department said it worked with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to understand the full scope of the breach, but did not share how long files and workstations were accessed or what was actually accessed . Engadget has contacted the US Treasury Department and will update this article as soon as we learn more.
A cyberattack follows a similar, but separate pattern breach of US telecom carriers which became known in October 2024. That cyberattack was carried out by a Chinese hacking group referred to as “Salt Typhoon.” Attackers gained access to unencrypted SMS messages and call logs of politicians, government officials and others for month before the breach was discovered.
