Beijing on Tuesday hit back at accusations that a China state-sponsored actor was behind a cyber breach at the US Treasury Department, calling the claims “groundless.”
The Treasury said the attack resulted in access to some of its workstations, according to a letter to Congress seen by AFP. The incident occurred earlier this month, when the attacker compromised a third-party cybersecurity service provider, enabling remote access to Treasury workstations and some unclassified documents.
China denied the allegations, with the foreign ministry stating that Beijing “has always opposed all forms of hacker attacks, and we are even more opposed to the spread of false information against China for political purposes.”
“We have stated our position many times regarding such groundless accusations that lack evidence,” foreign ministry spokeswoman Mao Ning said.
The Treasury Department contacted the US Cybersecurity and Infrastructure Security Agency after being alerted to the breach by its provider, BeyondTrust. Law enforcement is now investigating the incident to assess its impact.
“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” the department’s spokesperson said.
In a letter to the leadership of the Senate Banking Committee, the Treasury confirmed the incident had been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor. The term APT refers to a cyberattack in which an intruder establishes and maintains unauthorised access to a target, remaining undetected for an extended period.
While the Treasury did not disclose the full scope of the breach, it stated that more information would be released in a subsequent report.
“Treasury takes very seriously all threats against our systems, and the data it holds,” the spokesperson added.
Several countries, notably the United States, have voiced concern in recent years over what they say is Chinese-government-backed hacking activity targeting their governments, militaries, and businesses. Beijing has consistently rejected these claims, insisting that it opposes and cracks down on all forms of cyberattacks.
In September, the US Justice Department said it had neutralized a cyberattack network affecting 200,000 devices worldwide, allegedly run by Chinese-backed hackers. In February, US authorities also dismantled a hacker network known as “Volt Typhoon,” which was said to be targeting critical infrastructure such as water treatment plants and transportation systems on behalf of China.
In 2023, Microsoft reported that a China-based hacking group known as Storm-0558 had breached email accounts of several US government agencies, including the State Department and Commerce Secretary Gina Raimondo’s office.