During the cyber attack, access was gained to documents and workstations of the US Department of the Treasury. New York Times reports. The attack was linked to a “Chinese state-sponsored Advanced Persistent Threat actor” and was described as a “major cybersecurity incident.”
According to the letter The Ministry of Finance shared with legislators (via TechCrunchUS officials were informed of the issue on December 8 when BeyondTrust, a third-party software company, reported that a security key used to provide technical support was being used to access workstations and unclassified documents.
The Treasury Department said it was working with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to understand the full scope of the breach, but did not say how long the files and workstations were accessible or what was actually accessed. Engadget has contacted the U.S. Treasury Department and will update this article as soon as more is known.
The cyberattack followed an equally alarming but separate hacking of US telecom operators This became known in October 2024. This cyber attack was carried out by a Chinese hacking group known as Salt Typhoon. The attackers gained access to unencrypted SMS messages and call logs of politicians, government officials and others. months before the violation was discovered.