Chinese hackers remotely accessed several U.S. Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency said Monday.
The department did not provide details on how many desktops were accessed or what type of documents the hackers were able to obtain, but it said in a letter to lawmakers disclosing the breach that “at the “At this time, there is no evidence that the threat actor has continued.” access to Treasury information.
“Treasury takes all threats to our systems and the data it holds very seriously,” the department said.
“Over the past four years, Treasury has significantly strengthened its cyber defense, and we will continue to work with private and public sector partners to protect our financial system from malicious actors.”
The letter describes the hack as a “major incident.”
The department said it became aware of the problem on Dec. 8 when a third-party software service provider, BeyondTrust, reported that hackers had stolen a key used by the provider that helped it bypass the system and gain access to distance to several workstations of its employees.
The compromised service has since been taken offline, and there is no evidence that the hackers still have access to the department’s information, Aditi Hardikar, deputy Treasury secretary, said in Monday’s letter to leaders of the Senate Banking Committee.
The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency, and that the hack had been traced to Chinese culprits.
It was not specified.
The revelation comes as U.S. officials continue to deal with the fallout from a massive Chinese cyberespionage campaign known as Salt Typhoon, which gave Beijing officials access to the private text messages and phone conversations of a unknown number of Americans.
A senior White House official said Friday that the number of telecommunications companies affected by the hack now stands at nine.
