China-backed hackers breached the US Treasury Department. Here’s what we know.

The Chinese government has denied responsibility for the attack.

By Sarah Asch, January 7, 2025 11:42 am

Chinese government hackers breached the U.S. Treasury Department. Among other things, the hackers breached the office that administers economic sanctions against countries and groups of individuals.

The hack also compromised the Treasury Department’s Office of Financial Research. 

The breach occurred weeks after news reports of the Chinese government’s extensive hacking into U.S. telecommunications systems.

Francesca Lockhart, the cybersecurity clinic program lead at the Strauss Center for International Security and Law at the University of Texas at Austin, said nothing classified was breached as far as we know.

“It looks like only unclassified records were accessed by the hackers,” she said. “Of course, those still have some sensitive information included in them, but no classified material or law enforcement sensitive information was breached that we know of at this time.”

Lockhart said this is the latest in a series of high-profile cyber attacks where the point of entry was a third-party vendor.

“Ironically, (it was) a cybersecurity vendor known as BeyondTrust, which was providing remote support services to the Treasury Department,” she said. “The hackers were able to compromise a key that BeyondTrust was using to provide that service to the department. And from there, they were able to bypass security protocols and access some of the Treasury workstations and servers.”

Although the Treasury Department might not be the first place that comes to mind for a cyber attack, Lockhart said the offices that were attacked could have valuable information for a foreign government.

“The key here are the offices (that) were targeted. So one is that sanctions office, the Office of Foreign Assets Control, which is responsible for compiling the administrative records and the evidence that shows which individuals or entities ought to be sanctioned and providing the justification from a statutory or regulatory perspective as to why. That information would be very valuable for adversaries to know in advance,” she said.

“And then we also saw the office of the Treasury Secretary, which was targeted. And China has a long history of targeting some of these top officials – cabinet-level officials – in the U.S. government, be it to intercept their sensitive communications, learn more about topics of interest, including which individuals or entities are going to be targeted for sanctions and kind of how the department is thinking.”

The Chinese government has denied any involvement in this attack, reasserting that they are against hacking and calling the accusation a smear campaign, Lockhart said.

However, Lockhart said this kind of cyber attack is a facet of modern espionage.

“This is really just a classic intelligence gathering hack, it seems, where China is after some of this sensitive information,” she said. “It is just, again, the latest in a long string of attacks, either for espionage or for what we call prepositioning, establishing positions and critical systems that could be leveraged in the event of conflict.”

The hack also serves as a reminder about the importance of vetting third-party vendors, Lockhart said.

“The government procurement process should really prioritize vetting third party vendors and their security practices,” she said. “And any third party that is awarded a contract with the government should ensure that they are practicing very strong cyber security and not growing lax about any of these even one-off services that they’re providing to departments they wouldn’t traditionally think to be targets, like Treasury.”
