(Bloomberg) — The US Treasury Department was hacked by a Chinese state-sponsored actor through a third-party software service provider, according to a letter the agency sent to Congress on Monday.
Most Read from Bloomberg
Treasury described the intrusion as a “major cybersecurity incident,” since it was attributed to a state-sponsored actor, according to the letter, which was reviewed by Bloomberg News.
Treasury was notified on Dec. 8 by a third-party software provider, BeyondTrust Inc., that a hacker had gained access “to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” according to the letter.
The department is being assisted by the Cybersecurity and Infrastructure Security Agency, the FBI, the intelligence community and third-party forensic investigators.
Based on available information, advanced hackers tied to China were behind the incident, according to the letter.
The Chinese embassy in Washington opposes US “smear attacks against China without any factual basis,” it said in an emailed statement. “The US needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat,” it said.
BeyondTrust, which sells managed access software and other cybersecurity products, holds contracts with the federal government worth more than $4 million, according to government data compiled by Bloomberg. In addition to Treasury, the data shows, BeyondTrust does business with the Department of Defense, Department of Veterans Affairs and the Department of Justice, along with other agencies.
A BeyondTrust spokesperson said Monday night that a limited number of customers were involved, had been notified and were being offered support. The spokesperson added that law enforcement had been contacted and the company was supporting the investigation.
The Department of Defense, Department of Justice, and Department of Veterans Affairs didn’t immediately respond to separate requests for comment.
The hacker was able to remotely access certain Treasury workstations and “certain unclassified documents maintained by those users,” the department said in the letter to Senators Sherrod Brown and Tim Scott.
“The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury spokesperson said.
Disclosure of the breach comes as the White House continues to investigate what it says is a vast cyber-espionage campaign against US telecommunications companies by Chinese state-sponsored hackers. On Friday, the White House said nine telecom firms had been impacted by the attacks, which have been attributed to a group Microsoft Corp. nicknamed Salt Typhoon.
