Beijing denies involvement in US treasury cyber-attack

Beijing has hit back at accusations that a China state-sponsored actor was behind a cyber breach at the US treasury department, calling the claims “groundless”.

The breach was orchestrated via a third-party cybersecurity service provider. Hackers were able to gain access to a key used by the vendor to override certain parts of the system, according to a letter the treasury department sent to lawmakers on Monday.

According to the treasury, the incident happened earlier this month, when the actor was able to remotely access workstations and some unclassified documents.

On Tuesday, China denied the claims, with the foreign ministry saying Beijing “has always opposed all forms of hacker attacks, and we are even more opposed to the spread of false information against China for political purposes”.

“We have stated our position many times regarding such groundless accusations that lack evidence,” the foreign ministry spokesperson Mao Ning said.

The treasury contacted the US Cybersecurity and Infrastructure Security Agency after it was alerted to the situation by the third-party provider, and has been working with law enforcement to ascertain the impact.

The department’s spokesperson said: “The compromised … service has been taken offline and there is no evidence indicating the threat actor has continued access to treasury systems or information.”

In its letter to the leadership of the Senate banking committee, the treasury said: “Based on available indicators, the incident has been attributed to a China state-sponsored advanced persistent threat (APT) actor.”

An APT refers to a cyber-attack where an intruder establishes and maintains unauthorised access to a target, remaining undetected for a sustained period of time.

The department did not provide further details on what was affected by the breach, but said more information would be released in a supplemental report at a later date.

“Treasury takes very seriously all threats against our systems, and the data it holds,” the spokesperson added.

Several countries, notably the US, have voiced alarm in recent years at what they say is Chinese government-backed hacking activity targeting their governments, militaries and businesses.

Beijing rejects the allegations, and has previously said that it opposes and cracks down on all forms of cyber-attack.

In September, the US justice department said it had neutralised a cyber-attack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.

In February, US authorities also said they had dismantled a network of hackers known as “Volt Typhoon”.

The group was said to be targeting key public sector infrastructure such as water treatment plants and transportation systems at the behest of China.

In 2023, the tech giant Microsoft said Chinese-based hackers seeking intelligence information breached the email accounts of a number of US government agencies.

The group, Storm-0558, had breached email accounts at approximately 25 organisations and government agencies.

Accounts belonging to the state department and the commerce secretary, Gina Raimondo, were among those hacked in that breach.