A Chinese state-sponsored hacker has broken into the US Treasury Department’s systems, accessing employee workstations and some unclassified documents, officials said on Monday.
The breach occurred in early December and was made public in a letter penned by the Treasury Department to lawmakers notifying them of the incident.
In the letter, the Treasury Department said the China-based actor was able to override security via a key used by a third-party service provider that offers remote technical support to its employees.
The US agency characterised the breach as a “major incident”, and said it had been working with the FBI and other agencies to investigate the impact.
The compromised third-party service – called BeyondTrust – has since been taken offline, officials said. They added that there is no evidence to suggest the hacker has continued to access Treasury Department information since.
Along with the FBI, the Department has been working with the Cybersecurity and Infrastructure Security Agency and third-party forensic investigators to determine the breach’s overall impact.
Based on evidence it has gathered so far, officials said the hack appears to have been carried out by “a China-based Advanced Persistent Threat (APT) actor.”
“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” Treasury Department officials wrote in their letter to lawmakers.