US Treasury says its workstations hacked in cyberattack by China

Chinese state-sponsored hackers breached the U.S. Treasury Department earlier this month, stealing documents from its workstations, according to a letter to lawmakers obtained by Reuters on Monday.

The hackers exploited a vulnerability in a third-party cybersecurity service provider, granting them access to unclassified documents. The letter described the incident as a "major breach."

Hackers reportedly "gained access to a critical key used by the vendor to secure a cloud-based service that provides remote technical support for Treasury Departmental Offices (DO) end users." Using the stolen key, the attackers bypassed the service’s security measures, remotely infiltrated certain Treasury DO user workstations, and accessed specific unclassified documents stored by those users.

The Treasury Department, alerted by cybersecurity provider BeyondTrust, is now working closely with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the breach’s impact and ensure further security.