The US Treasury Department says a China state-sponsored actor was behind a cyber breach resulting in access to some of its workstations, according to a letter to Congress seen by AFP.

The incident happened this month, when the actor compromised a third-party cybersecurity service provider and was able to remotely access the Treasury workstations and some unclassified documents, a Treasury spokesperson said.

Treasury contacted the US Cybersecurity and Infrastructure Security Agency after it was alerted of the situation by its provider, BeyondTrust, and has been working with law enforcement partners to ascertain the impact.

“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” the department’s spokesperson said.

In its letter to the leadership of the Senate Banking Committee, the Treasury said: “Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor.”

An APT refers to a cyberattack where an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period.

The department did not provide further details on what was affected by the breach, but said more information would be released later in a supplemental report.

“Treasury takes very seriously all threats against our systems and the data it holds,” the Treasury spokesperson said.

The official said the department would continue working to protect the US financial system from threats.

Alarm over hacks

Several countries, notably the United States, have voiced alarm in recent years at what they say is Chinese government-backed hacking activity targeting their governments, militaries and businesses.

Beijing rejects the allegations and has previously said it opposes and cracks down on all forms of cyberattacks.

In September, the US Justice Department said it had neutralised a cyberattack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.

In February, US authorities said they had dismantled a network of hackers known as Volt Typhoon.

The group was said to be targeting key public sector infrastructure such as water treatment plants and transportation systems at the behest of China.

In 2023, tech giant Microsoft said China-based hackers seeking intelligence information breached the email accounts of several US government agencies.

The group, Storm-0558, had breached email accounts at about 25 organisations and government agencies.

Accounts belonging to the State Department and Commerce Secretary Gina Raimondo were among those hacked in that breach.