Hack on US Treasury blamed on China causes fear in cybersecurity community

After unclassified documents from the US Treasury Department were accessed in a hack blamed on China , many in the cybersecurity community are wondering how such breaches might intensify in the weeks and months ahead. “I know a lot of cybersecurity vendors are now worried about getting hit themselves,” said a media-relations professional with various technology clients. “As a result, they’re taking the line of not jumping on top of someone else’s misfortune.” The Treasury Department sent a letter to US senators on Monday saying that third-party software provider BeyondTrust had disclosed that a “threat actor” gained “access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users”. In a statement provided to The National , BeyondTrust said that it had notified a limited number of customers who were affected, and that it has been working to support the customers since then. “BeyondTrust previously identified and took measures to address a security incident in early December 2024 that involved the Remote Support product,” read the statement. It added that only the company's Remote Support product had been compromised. “Law enforcement was notified and BeyondTrust has been supporting the investigative efforts.” The company also said it had posted an entire timeline of the hack and would continue updating affected customers. China has repeatedly denied involvement in the hacking, with a Foreign Ministry representative saying that the accusations were “groundless” and “lacking evidence”. According to the letter from the Treasury Department, through the “key”, the hacker was able to gain access to certain government workstations – with that access limited to unclassified documents. “The analogy is a hacker breaks into your plumber's office and steals master keys to the buildings they service,” John Scott-Railton, a senior researcher with Citizen Lab, an interdisciplinary technology research lab based at the University of Toronto, wrote on X. “Given BeyondTrust's big client list, makes one wonder if other customers were targeted,” he added, referring to clients such as Williams Sonoma, Carbonite, IHG Hotels and Resorts, Wynn Resorts and ServiceNow. The recent compromise of the Treasury Department comes weeks after what has become known as the Salt Typhoon cyber breach , flagged by US cybersecurity officials in early December. In that particular breach, Washington agencies accused China of sponsoring an attack that infiltrated at least nine US communications companies and potentially left American consumers vulnerable. As a result of Salt Typhoon and other recent accusations against China-based hackers, the Cybersecurity and Infrastructure Security Agency, issued guidance for “highly targeted individuals” in the US to protect their mobile devices and personal communication computer systems. “Use only end-to-end encrypted communications,” reads one of the guidance suggestions from CISA in the long list compiled by the agency. “Migrate away from short message service-based multi factor authorisation,” reads another on the list, which also has specific instructions for iPhone and Android platform users. In early December during a panel discussion hosted by the Centre for Strategic and International Studies, Kara Frederick, director of the tech policy centre for The Heritage Foundation, a conservative think tank, spoke about an increasingly problematic national security outlook when it comes to China , and that US tech companies needed to scale back efforts in the country. “US big tech companies are going to have to pick a flag, and it should be the stars and bars and not China. I think the Trump administration will wake these companies up to that,” she said. In a recent video posted by the select committee on the Chinese Communist Party, Republican Representative John Moolenaar did not mince words about tension between the US and China over technology. “The select committee has made incredible progress in combating China's maligned influence within the United States,” Mr Moolenaar said, pointing out the recent bill that seeks to ban TikTok in the US due to national security concerns. That bill is being challenged by ByteDance, the Beijing-based owner of TikTok, in the US Supreme Court, which will hear legal arguments from the company that is hoping to keep the social media platform operating in the US. “With steadfast support from both [House Speaker Mike Johnson and minority leader Hakeem Jeffries] I look forward to continuing to lead this excellent group of lawmakers for another two years in continuing our bipartisan work to stand up to the Chinese Communist Party to protect American interests at home and abroad,” said Mr Moolenaar.

Hack on US Treasury blamed on China causes fear in cybersecurity community

Suspected breach is latest development fuelling distrust between Washington and Beijing