Beijing Rejects Allegations of Cyberattack on U.S. Treasury

On Tuesday, December 31, the Chinese government vehemently denied accusations that a state-sponsored hacker was responsible for a recent cyber breach at the U.S. Treasury Department, labeling the claims as “groundless.” This response came after the U.S. Treasury revealed in a letter to Congress, viewed by AFP, that the cyberattack had compromised several of its workstations.

The breach was initiated earlier this month when an attacker exploited vulnerabilities in a third-party cybersecurity provider, BeyondTrust, allowing remote access to Treasury workstations and some unclassified documents. The U.S. Treasury promptly notified the Cybersecurity and Infrastructure Security Agency (CISA) following the alert from BeyondTrust and has since been collaborating with law enforcement to assess the damage. The compromised service has been taken offline, and there is currently no evidence suggesting ongoing unauthorized access to Treasury’s systems, according to a Treasury spokesperson.

Mao Ning, a spokeswoman for China’s Foreign Ministry, articulated Beijing’s stance, dismissing the allegations as baseless and emphasizing China’s opposition to any form of cyberattack. She criticized the accusations as lacking evidence and accused the U.S. of spreading misinformation for political gain.

The Treasury’s communication to the Senate Banking Committee leadership identified the incident as the work of a China state-sponsored Advanced Persistent Threat (APT) actor. An APT involves sophisticated and long-term cyber intrusions where attackers maintain access to systems without detection. Details on exactly what was compromised have yet to be disclosed, with a supplemental report expected to provide more clarity at a later date.

The U.S. Treasury underscored its commitment to safeguarding its systems, highlighting the seriousness with which it treats all threats to its data.

International Concerns Over Chinese Cyber Operations

This incident adds to a series of international concerns regarding alleged Chinese cyber activities. Over recent years, the U.S. and other nations have expressed significant alarm over what they describe as Beijing’s state-backed hacking efforts targeting government, military, and business sectors.

China has consistently refuted these accusations, claiming a stance against all cyberattacks and asserting efforts to combat such activities within its borders.

Notably, in September, the U.S. Justice Department announced it had disrupted a vast cyberattack network impacting 200,000 devices globally, which it attributed to Chinese government-backed hackers. Earlier, in February, the dismantling of another group, Volt Typhoon, which had reportedly targeted critical U.S. infrastructure at China’s direction, was announced.

Additionally, in 2023, Microsoft disclosed that another Chinese hacking group, Storm-0558, had infiltrated email accounts of various U.S. government agencies, including those of the State Department and Commerce Secretary Gina Raimondo, aiming to gather intelligence.

These events continue to strain U.S.-China relations, raising questions about cybersecurity, international law, and the ethics of state-sponsored cyber operations.