Chinese hackers remotely accessed several US Treasury Department workstations and unclassified documents after compromising a third-party software service provider, officials have claimed.
The department did not provide details on how many workstations had been accessed or what sort of documents the hackers may have obtained.
However, in a letter to lawmakers, the agency said that “at this time, there is no evidence indicating the threat actor has continued access to Treasury information.”
Initial investigations suggested the hack appeared to have been carried out by “a China-based Advanced Persistent Threat (APT) actor”, officials claimed.
“In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident,” officials at the department said.
The Treasury has said it “takes very seriously all threats against our systems and the data it holds”.
The department said it learned of the problem on December 8, when a third-party software service provider, BeyondTrust, flagged that hackers had stolen a key “used by the vendor to secure a cloud-based service used to remotely provide technical support” to workers.
The Treasury said that the key helped the hackers override the service’s security and gain remote access to several employee workstations.
In a letter Monday to Senate Banking Committee leaders, Aditi Hardikar, an assistant Treasury secretary, said the service the department claims was compromised has since been taken offline, and there’s no evidence that the hackers still have access to department information.
The department said it was working with the FBI and the Cybersecurity and Infrastructure Security Agency and others to investigate the impact of the hack, and that the hack had been attributed to Chinese state-sponsored culprits, without elbaorating further.
Chinese embassy spokesperson Liu Pengyu, as per BBC News, rejected the department’s report as “disinformation” against Beijing.
“We hope that relevant parties will adopt a professional and responsible attitude when characterizing cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said.
“The US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”