The US Treasury Department was breached by Chinese state-sponsored hackers, who gained access to unclassified documents, in what the organisation called a “major cyber security incident”, according to a letter sent to the Congress on Monday.
The Treasury said a third-party software provider, BeyondTrust, had notified it of the breach.
The hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users”, the letter seen by Bloomberg and Reuters, said.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The Treasury department said it was working with the US Cybersecurity and Infrastructure Security Agency, the FBI and third-party forensic investigators.
BeyondTrust said it has been supporting the investigative efforts.
The Chinese Embassy in Washington dismissed the allegations and said the “US needs to stop using cyber security to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threat”.
“The compromised BeyondTrust service has been taken offline, and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a Treasury representative told Bloomberg.
Cyber security issues globally have been rising sharply, led by an increasing number of ransomware attacks targeting government services and other critical sectors in many countries, the 2024 Global Cybersecurity Index released by the UN's International Telecommunication Union in September.
The global average cost of a data breach was estimated at $4.45 million last year, it said.
The US is already carrying out an investigation into what has become known as the Salt Typhoon cyber breach, flagged by officials in early December. The US has accused China of sponsoring the attack that infiltrated US communications companies and potentially left American consumers vulnerable.
Initially, officials said eight US companies had been affected, but that number has since risen to nine.
US companies need to enact critical infrastructure changes and update basic cyber security practices, Anne Neuberger, deputy national security adviser for cyber and emerging technology, told media on Friday.
“What we've learnt from the investigation is that there's several categories of things that are needed in this space: better management of configuration, better vulnerability management of networks, better work across the telecom sector to share information when incidents occur,” she said.
Voluntary commitments by companies were inadequate, she said, and explained that the administration would be seeking bipartisan support from the Federal Communications Commission (FCC) to ensure compliance from telecoms companies.
With inputs from Bloomberg and Reuters
What are the GCSE grade equivalents?
- Grade 9 = above an A*
- Grade 8 = between grades A* and A
- Grade 7 = grade A
- Grade 6 = just above a grade B
- Grade 5 = between grades B and C
- Grade 4 = grade C
- Grade 3 = between grades D and E
- Grade 2 = between grades E and F
- Grade 1 = between grades F and G
UK-EU trade at a glance
EU fishing vessels guaranteed access to UK waters for 12 years
Co-operation on security initiatives and procurement of defence products
Youth experience scheme to work, study or volunteer in UK and EU countries
Smoother border management with use of e-gates
Cutting red tape on import and export of food
UAE currency: the story behind the money in your pockets
What it means to be a conservationist
Who is Enric Sala?
Enric Sala is an expert on marine conservation and is currently the National Geographic Society's Explorer-in-Residence. His love of the sea started with his childhood in Spain, inspired by the example of the legendary diver Jacques Cousteau. He has been a university professor of Oceanography in the US, as well as working at the Spanish National Council for Scientific Research and is a member of the World Economic Forum’s Global Future Council on Biodiversity and the Bio-Economy. He has dedicated his life to protecting life in the oceans. Enric describes himself as a flexitarian who only eats meat occasionally.
What is biodiversity?
According to the United Nations Environment Programme, all life on earth – including in its forests and oceans – forms a “rich tapestry of interconnecting and interdependent forces”. Biodiversity on earth today is the product of four billion years of evolution and consists of many millions of distinct biological species. The term ‘biodiversity’ is relatively new, popularised since the 1980s and coinciding with an understanding of the growing threats to the natural world including habitat loss, pollution and climate change. The loss of biodiversity itself is dangerous because it contributes to clean, consistent water flows, food security, protection from floods and storms and a stable climate. The natural world can be an ally in combating global climate change but to do so it must be protected. Nations are working to achieve this, including setting targets to be reached by 2020 for the protection of the natural state of 17 per cent of the land and 10 per cent of the oceans. However, these are well short of what is needed, according to experts, with half the land needed to be in a natural state to help avert disaster.
Tearful appearance
Chancellor Rachel Reeves set markets on edge as she appeared visibly distraught in parliament on Wednesday.
Legislative setbacks for the government have blown a new hole in the budgetary calculations at a time when the deficit is stubbornly large and the economy is struggling to grow.
She appeared with Keir Starmer on Thursday and the pair embraced, but he had failed to give her his backing as she cried a day earlier.
A spokesman said her upset demeanour was due to a personal matter.
Real estate tokenisation project
Dubai launched the pilot phase of its real estate tokenisation project last month.
The initiative focuses on converting real estate assets into digital tokens recorded on blockchain technology and helps in streamlining the process of buying, selling and investing, the Dubai Land Department said.
Dubai’s real estate tokenisation market is projected to reach Dh60 billion ($16.33 billion) by 2033, representing 7 per cent of the emirate’s total property transactions, according to the DLD.
