(Bloomberg) -- The US Treasury Department said it was hacked by a Chinese state-sponsored actor, calling it a “major cybersecurity incident” just days after the Biden administration said the country is behind a vast cyber-espionage campaign that’s ensnared nine telecommunications companies.
Working through an outside software provider, hackers illegally accessed a “key used by the vendor to secure a cloud-based service” that, in turn, provides technical support to Treasury Department users, the agency said in a letter to Congress. The software provider, BeyondTrust Inc., informed Treasury of the breach on Dec. 8, according to the letter, which was reviewed by Bloomberg.
Subscribe to the Bloomberg Daybreak podcast on Apple, Spotify or anywhere you listen.
News of the latest incursion follows the White House announcement on Dec. 27 that nine telecommunications firms had been breached by a state-sponsored Chinese hacking group known as Salt Typhoon. American officials have struggled to combat such espionage activity from nation-state hackers, who have potentially provided their intelligence agencies with deep access into US citizens’ communications and activities. Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, told reporters that many organizations are still failing to use basic cybersecurity practices.
President-elect Donald Trump’s team, which will soon have to oversee any response to the recent slew of hacks, vowed to hold China accountable but wouldn’t specify how.
“For too long our country has been on defense when it comes to cyberattacks,” Karoline Leavitt, Trump’s transition spokeswoman, said in a statement to Bloomberg. “The Trump Administration is committed to imposing costs on private and nation state actors who continue to steal our data and attack our infrastructure.”
The government in Beijing rejects American “smear attacks against China without any factual basis,” the Chinese embassy in Washington said in an emailed statement. “The US needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat,” the embassy said.
BeyondTrust, which sells managed access software and other cybersecurity products, holds contracts with the federal government worth more than $4 million, according to government data compiled by Bloomberg. In addition to Treasury, the data shows, BeyondTrust does business with the Department of Defense, Department of Veterans Affairs and the Department of Justice, along with other agencies.
A BeyondTrust spokesperson said Monday night that a limited number of customers were involved, had been notified and were being offered support. The spokesperson added that law enforcement had been contacted and the company was supporting the investigation.
Officials with the departments of Defense, Justice, and Veterans Affairs didn’t respond to separate requests for comment.
At Treasury, attackers accessed unclassified documents maintained on certain workstations, the department said in a letter to Senators Sherrod Brown and Tim Scott. Scott, a ranking member of the Senate Committee on Banking, Housing, and Urban Affairs, has requested a briefing on the matter, a spokesperson for the South Carolina Republican’s office said Tuesday.
A Treasury spokesperson said the compromised BeyondTrust service had been taken offline, and that there’s no evidence the hacker has continued access to the department’s information.
Representative Mark Green, a Tennessee Republican, said the House Homeland Security Committee has been in touch with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency as the investigation continues. The intrusion represents “a clear message from Beijing about its unwavering commitment to undermining our sovereignty,” he said.
Disclosure of the breach comes as the White House continues to investigate what it says is a vast cyber-espionage campaign against US telecommunications companies by Chinese state-sponsored hackers that Microsoft Corp. has dubbed Salt Typhoon.
Those hackers allegedly spent months lurking inside American telecom networks and gathering information about an unknown number of Americans’ phone calls and text messages. Among the phones targeted were those of then presidential candidate Donald Trump and his running mate JD Vance, Trump family members and members of Vice President Kamala Harris’ campaign staff and others, the New York Times has reported.
The alleged Chinese espionage efforts at US telecoms and the Treasury Department come after a period of relative calm in relations between US and China in the final stretches of President Joe Biden’s term.
That included Biden and Chinese leader Xi Jinping meeting at the APEC summit in Peru last month, a rare prisoner swap in late November and renewed agreement earlier this month on science and technology cooperation.
Neuberger, the deputy national security adviser for cyber and emerging technologies, said last week that the administration has further actions planned to hold Beijing accountable after moving ahead with a ban of China Telecom in the US.
--With assistance from Jenny Leonard and Jake Bleiberg.
(Updates with additional context throughout.)
©2024 Bloomberg L.P.