Beijing Denies Involvement In US Treasury Cyberattack

China’s foreign ministry slams “groundless” accusations that a China state-sponsored actor hacked US Treasury systems


Chinese officials have responded after a China state-sponsored attack group, in a “major incident”, infiltrated workstations at the US Treasury department this month and stole files.

The Guardian reported that Beijing hit back at the accusations, calling the claims “groundless”. On Tuesday, China’s foreign ministry reportedly said Beijing “has always opposed all forms of hacker attacks, and we are even more opposed to the spread of false information against China for political purposes”.

Earlier this week the Chinese embassy in Washington, DC had told Reuters that the country rejected responsibility for the attack and that it opposes US “smear attacks against China without any factual basis”.

China denial

“We have stated our position many times regarding such groundless accusations that lack evidence,” the foreign ministry spokesperson Mao Ning was quoted by the Guardian as saying.

It should be noted that Beijing routinely denies any hacking allegations, and has previously stated that it opposes and cracks down on all forms of cyberattacks.

The hackers compromised a third-party remote management service provided by BeyondTrust and gained access to unclassified documents, according to a letter sent by the Treasury to US lawmakers on Monday.

The attackers gained access to a key used by the vendor to secure a cloud-based service that provides technical support for end users at Treasury departmental offices, the department said.

With access to the stolen key, the threat actor was able to override the service’s security, remotely access some workstations and access unclassified documents maintained by those users, the letter said.

The US Treasury said it was alerted to the breach by BeyondTrust on 8 December and that it was working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact of the attack.

“Based on available indicators, the incident has been attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor,” said US Treasury assistant secretary for management Aditi Hardikar in the letter.

The compromised service has been taken offline, the Treasury said in a separate statement.

“There is no evidence indicating the threat actor has continued access to Treasury systems or information,” the department stated.

In its letter to the leadership of the Senate banking committee, the US Treasury said: “Based on available indicators, the incident has been attributed to a China state-sponsored advanced persistent threat (APT) actor.”

Other incidents

This is not the first time that China-backed hackers have been accused of hacking into US government departments.

In July 2023, for example, Microsoft acknowledged that hackers suspected to be allied to the Chinese government had accessed the accounts of about 25 organisations, including the US Commerce and State Departments.

Microsoft later revealed that the attack group Storm-0558, affiliated with the People’s Republic of China, had used an acquired Microsoft account (MSA) consumer key to forge tokens to access OWA (Outlook Web Access) and Outlook.com.

In October 2023 the US State Department confirmed the Microsoft hack was linked to China, and resulted in the theft of about 60,000 emails from 10 accounts, including that of the US ambassador to China.

The US government responded in 2023, when it launched an operation to fight a Chinese state-sponsored hacking network that aimed to disrupt US military communications and US critical infrastructure.

That US operation targeted a botnet set up by a group known as Volt Typhoon, which first came to light in May 2023.

In September 2024, the US justice department said it had neutralised the cyberattack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.

The hackers apparently tried to fight back against the US takedown of their 260,000-device botnet by the FBI.