Chinese hackers stole sensitive U.S. documents: Report

A spokesperson for the Chinese Embassy in Washington dismissed the accusations as baseless and politically motivated. Image: Markus Spiske / Unsplash.

Chinese state-sponsored hackers infiltrated the U.S. Treasury Department's systems this month, gaining access to sensitive, unclassified documents, according to a letter shared with lawmakers and obtained by Reuters. 

The breach, described by the department as a "major incident," exploited vulnerabilities in third-party cybersecurity provider BeyondTrust. The hackers reportedly accessed a key used by BeyondTrust to secure a cloud-based remote support service for the Treasury's Departmental Offices. This allowed them to override the service's security, remotely access workstations, and retrieve certain documents, the letter revealed. Treasury officials attributed the attack to a Chinese state-sponsored Advanced Persistent Threat (APT) group, according to the Reuters report.

The breach was detected on December 8 by BeyondTrust, which notified the U.S. Treasury Department. The department is now collaborating with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to evaluate the scope of the incident.

In a statement, BeyondTrust confirmed that it had identified and addressed the security flaw, notifying impacted customers and law enforcement. The company noted that the breach involved a compromised digital key and is continuing its investigation.

China's foreign ministry denied any involvement. A spokesperson for the Chinese Embassy in Washington dismissed the accusations as baseless and politically motivated.

Tom Hegel, a cybersecurity expert at SentinelOne, indicated that the tactics used in the breach align with established methods employed by Chinese-linked groups. These actors often target trusted third-party service providers, a strategy that has become more prevalent in recent years, according to the report.
