On Tuesday, Beijing responded to accusations that a Chinese state-sponsored actor was behind a cyber breach at the US Treasury Department, calling the claims “baseless.”
Treasury said the attack resulted in access to some of its workstations, according to a letter to Congress seen by AFP.
According to Treasury, the incident occurred earlier this month, when the actor compromised a third-party cybersecurity service provider and was able to remotely access workstations and some unclassified documents.
China denied the allegations and the Foreign Ministry said Beijing “has always opposed all forms of hacker attacks, and we further oppose the spread of false information against China for political purposes.”
“We have expressed our position many times on baseless accusations lacking evidence,” said Foreign Ministry spokeswoman Mao Ning.
Treasury contacted the U.S. Cybersecurity and Infrastructure Security Agency after being alerted to the situation by its vendor BeyondTrust and has been working with authorities to determine the impact.
“The compromised BeyondTrust service has been disconnected and there is no evidence to indicate that the threat actor has continued to access Treasury systems or information,” the department spokesperson said.
In its letter to Senate Banking Committee leaders, Treasury said: “Based on available indicators, the incident has been attributed to a state-sponsored Advanced Persistent Threat (APT) actor from China.” An APT refers to a cyber attack in which an intruder establishes and maintains unauthorized access to a target, undetected for an extended period of time.
The department did not provide further details about what was affected by the breach, but said more information would be released in a supplemental report at a later date.
“Treasury takes all threats to our systems and the data it holds very seriously,” the spokesperson added.
Hack alarm
Several countries, particularly the United States, have expressed alarm in recent years over what they say is Chinese government-backed hacking activity targeting their governments, militaries and companies.
Beijing rejects the accusations and has previously said it opposes and cracks down on all forms of cyberattacks.
In September, the US Department of Justice said it had neutralized a cyberattack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.
In February, US authorities also said they had dismantled a hacking network known as “Volt Typhoon.”
The group was said to target key public sector infrastructure, such as water treatment plants and transportation systems, at the behest of China.
In 2023, tech giant Microsoft said that China-based hackers seeking intelligence information breached the email accounts of several US government agencies.
The group, Storm-0558, had breached email accounts at approximately 25 organizations and government agencies.
Accounts belonging to the State Department and Commerce Secretary Gina Raimondo were among those hacked in that breach.
