A Chinese state-sponsored actor hacked the US Treasury department through a third-party service provider in a “major cyber security incident”, the agency said on Monday.
In a letter to the Senate banking committee seen by the Financial Times, the Treasury department said it had been informed on December 8 by software company BeyondTrust that a hacker had breached several remote government workstations by obtaining a security key and had in turn gained access to unclassified documents on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cyber security incident.”