Chinese hackers accessed workstations and stole documents in a “major incident” earlier this month, the Treasury Department announced Monday.
In a letter to the leaders of the Senate Banking, Housing and Urban Affairs Committee, assistant secretary for management Aditi Hardikar wrote the state-sponsored hackers compromised a third-party cybersecurity service provider — BeyondTrust — to gain access on Dec. 8.
Sen. Sherrod Brown (D-Ohio) and Sen. Tim Scott (R-S.C.) are the chairman and ranking members of the committee, respectively.
The hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” the letter reads. “With access to the stolen key, the threat actor was able override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The Treasury said it is working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to determine the extent of the hack.
A Treasury spokesperson told CNN the affected system was quickly taken offline, putting an end to the hack.
“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” they said.
“Treasury takes very seriously all threats against our systems, and the data it holds. Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” the statement reads in part.
The total number of compromised workstations, and contents of the stolen documents were not revealed.
