Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
- BeyondTrust, which has contracts with various federal agencies, including the US Treasury Department, identified the breach in its Remote Support product on December 2.
- The company revoked the compromised API key and notified affected users, while cooperating with law enforcement and cybersecurity agencies.
On Monday, the US Treasury Department said that a Chinese state actor was behind the hacking of its employees’ workstations using the third-party software service BeyondTrust. However, the Chinese government has absolutely denied responsibility while refuting the Ministry of Finance’s accusations.
Aditi Hardikar, assistant secretary for management at the Ministry of Finance, said: “Based on available indications, the incident is attributed to the Chinese state-sponsored Advanced Persistent Threat (APT) actor.”
China denies role in hacking US Treasury Department
Following the accusations, China denied any involvement in the attack, with a spokesman telling Reuters that the country “resolutely opposes the US’s baseless attacks against China”. “There is no evidence to indicate that the threat actor has ongoing access to the Ministry of Finance’s systems or information,” they added. The affected service has since been shut down, according to Hardikar’s statement to US Senators Sherrod Brown and Tim Scott of the Banking Committee.
Treasury officials are working with the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, U.S. intelligence agencies and third-party forensic investigators to conduct a thorough review of the incident.
In an emailed statement to Bloomberg, the Chinese Embassy in Washington strongly condemned the Treasury Department, noting:
The US needs to stop using cybersecurity to smear and slander China and stop spreading all kinds of misinformation about the so-called Chinese hacking threat.
Here’s how the breach occurred
Software platform BeyondTrust, which offers access software and other cybersecurity products, has contracts with the federal government totaling more than $4 million. In addition to the US Treasury Department, it also works with agencies such as the Department of Veterans Affairs, the Department of Defense, and the Department of Justice.
A company spokesperson said the security breach affected a limited number of users who have received notifications and are receiving support. The company has also contacted the police and is cooperating with the investigation.
BeyondTrust identified a security incident in its Remote Support product on Dec. 2, and after confirming the “anomalous behavior” on Dec. 5, immediately revoked the API key and notified affected users. Additional details will be released in a 30-day supplemental report required under the Federal Information Security Modernization Act.
According to CNN, Treasury officials are reportedly preparing for a confidential briefing next week regarding the breach, which will include staff from the House Financial Services Committee.
The cryptocurrency industry also saw an increase in hacking this year, with over $2.3 billion in crypto assets stolen in 165 major incidents in 2024, a 40% increase from 2023, according to a report by blockchain security firm Cyvers.
