Unidentified documents were stolen after the theft earlier this month, according to a letter sent by the Treasury to Congress.
State-sponsored hackers in China were able to steal classified documents from US Treasury workstations earlier this month, the US Treasury Department said.
The department said on Monday that the attackers were able to compromise a third-party cybersecurity service provider and obtain documents in what it described as a “major incident”.
“(Hackers) obtained a key used by a vendor to secure a cloud-based service used to provide technical support to users of Treasury Departmental Offices (DO),” a letter sent by the US Treasury Department to Congress said. “With the stolen key, the attacker was able to bypass the security of the service, remotely access other Treasury DO users, and access countless other documents stored by those users.”
A statement from the Treasury said the department is “focused on all threats to our systems, and their assets”.
The Treasury Department was notified of the hacking of the cybersecurity provider, BeyondTrust on December 8. The department says it is working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact of the hack.
“The compromised BeyondTrust project has been removed from the Internet and there is no evidence that the threat actor will continue to gain access to Treasury information or resources,” a Treasury Department spokesperson told AFP.
A letter to the leadership of the US Senate Banking Committee directly criticized China, saying that this “was caused by a Chinese state-sponsored Advanced Persistent Threat (APT) actor”.
An APT is a cyberattack where a hacker can remain unaware and unintelligible to a target for a long period of time.
The Treasury Department said more information will be released in an additional report at a later date.
The hacking report comes less than a month before US President-elect Donald Trump's inauguration.
Trump has threatened China with a trade war and tariffs, saying that Beijing has not done enough stopping the flow of the opioid fentanyl into the US.
Trump's Republicans and Democrats have warned of China's threats against the US, particularly in the area of cyber security.
In September, the US Department of Justice said it had busted a Chinese-backed cyberattack network that affected 200,000 devices worldwide.
And in early December, the US approved a Chinese cybersecurity firm is a researcher on the 2020 threat that tested the use of computer software vulnerability in corporate threats.
China has denied any involvement in the attacks and says it opposes all forms of cybercrime.