WASHINGTON — A state-sponsored actor in China hacked the U.S. Treasury Department, gaining access to the workstations of government employees and unclassified documents, the Biden administration said Monday.
The announcement comes after revelations in recent months that China had penetrated deep into U.S. telecommunications systems, gaining access to the phone conversations and text messages of U.S. officials and others.
In a letter informing lawmakers of the episode, the Treasury Department said it had been notified Dec. 8 by a third-party software service company, BeyondTrust, that the hacker had obtained a security key that allowed it to remotely gain access to certain Treasury workstations and documents on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
The Treasury Department said it had worked with the FBI, the intelligence community and other investigators to determine the impact of the breach. The compromised service had been taken offline, and there is no evidence that the Chinese state actor still has access to Treasury information, the department said.
In a statement, a Treasury spokesperson said that the department took threats against its systems and the data they hold very seriously, and that it would continue to work with the private sector and government agencies to protect the financial system from hacking.
The Treasury Department did not clarify when the episode took place but said it would reveal more details in a forthcoming report to Congress.
Chinese officials have long denied any government role in hacking, and have set up dialogues with the United States to work together on cybersecurity. This past month, officials from the Treasury Department traveled to China for a round of meetings of their economic and financial working groups, which cover collaboration on cybersecurity issues.
Recent reports of a separate breach of U.S. telecommunications systems by a Chinese hacking group nicknamed Salt Typhoon have raised concerns about the vulnerability of U.S. systems.
Microsoft’s cybersecurity team discovered that hacking this summer, which targeted the networks of AT&T, Verizon and Lumen. It gave Salt Typhoon, a group that is thought to be closely linked to China’s Ministry of State Security, access to conversations held by Donald Trump and JD Vance, among other Americans.
This article originally appeared in The New York Times.
© 2024 The New York Times Company