The US Treasury Department confirmed that a Chinese state-sponsored hacking group infiltrated its workstations in a “major cybersecurity incident.”
Beijing has denied the allegation, calling it “groundless.”
In a letter to lawmakers, Aditi Hardikar, assistant secretary for management at the Treasury, revealed that a stolen key allowed hackers to remotely access Treasury workstations and unclassified documents.
“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” Hardikar wrote.
In the breach, discovered on December 8 through the third-party vendor BeyondTrust, the attackers used a stolen key to bypass security measures and gain unauthorized access.
The compromised service has been taken offline, and officials are collaborating with CISA, the FBI, and other agencies.
A Treasury spokesperson said, “There is no evidence indicating the threat actor has continued access to Treasury systems.”
China has dismissed the US accusations of cyberattacks, with its Ministry of Foreign Affairs condemning all forms of hacking.
“We have stated our position many times regarding such groundless accusations that lack evidence,” said ministry spokesperson Mao Ning, as quoted by AFP.
Liu Pengyu, spokesperson for the Chinese embassy in the US, also rejected the claims. “We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber-incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he told the BBC.
“The US needs to stop using cybersecurity to smear and slander China,” Liu added.
Treasury staff will brief the House Financial Services Committee on the breach next week, with the exact timing yet to be finalized.