WASHINGTON (CN) — The U.S. Department of the Treasury said on Monday that Chinese-backed hackers had breached its workstations and gained access to unclassified documents earlier this month in what it described as a “major cybersecurity incident.”
The announcement comes just over a month after the Senate Intelligence Committee revealed recent Chinese hacks into the U.S. telecommunications system resulting in access to telephone conversations and text messages, potentially those of high-profile targets like Donald Trump and JD Vance.
In a letter to lawmakers informing them of the breach, the Treasury Department’s Assistant Secretary for Management Aditi Hardikar said the department had been notified on Dec. 8 by a third-party security software company, BeyondTrust, that the hackers obtained a security key with that allowed them to remotely gain access to certain Treasury workstations and documents on them.
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” Hardikar said in the letter. “In accordance with Treasury policy, intrusions attributable to an APT are considered a major cybersecurity incident.”
Hardikar said in the letter to Committee on Banking, Housing and Urban Affairs Chairman Sherrod Brown and Ranking Member Tim Scott that the department is working with the Cybersecurity and Infrastructure Security Agency, the FBI, the intelligence community and third-party investigators to gauge the breach and its impact.
According to Hardikar, the compromised BeyondTrust services were taken offline and there is no evidence the hackers still have access to any Treasury information.
Monday’s letter is the most recent in a string of cybersecurity incidents between the U.S. and China, following a major breach of American telecommunications systems by Chinese hacking group nicknamed Salt Typhoon.
Microsoft’s cybersecurity team uncovered the breach over the summer, which targeted major companies like AT&T, Verizon and Lumen. Salt Typhoon, which is reportedly tied to China’s Ministry of State Security, gained access to conversations held by Trump and Vance, among other Americans.
Salt Typhoon also obtained a nearly complete list of phone numbers wiretapped by the Justice Department to monitor individuals suspected of espionage or crimes, potentially revealing any outed Chinese spies.
Following the Salt Typhoon hack, the Commerce Department said it would ban the few remaining operations of China Telecom, one of China’s largest communication companies, from the United States.
Monday’s announcement also comes as the popular social media app TikTok, owned by Chinese parent company ByteDance, faces a looming Jan. 19 ban due to national security concerns regarding its ownership.
TikTok has petitioned the Supreme Court to stay the ban pending the high court’s ruling on the constitutionality of the bipartisan Protecting Americans from Foreign Adversary Controlled Applications Act. Trump, who has recently pledged to save TikTok, also urged the justices to stay the ban in an amicus brief despite initially moving to ban the app during his first term.
The high court scheduled arguments in the expedited case for Jan. 10.
During oral arguments before the D.C. Circuit, the Justice Department defended the statute and its requirement that TikTok either divest itself from ByteDance or face the ban by pointing to concerns that China could use the app to manipulate users’ feeds “covertly” while also obtaining users’ personal information.
The Justice Department did not provide evidence of such content manipulation or personal-information gathering to support its position.
U.S. Senior Circuit Judge Donald Ginsburg wrote in the three-judge panel’s opinion siding with the government that the national security concerns and determinations by Congress and Presidents Trump and Joe Biden that China was a foreign adversary sunk TikTok’s First Amendment arguments.
Further, the Ronald Reagan appointee said the statute was “wholly consistent” with the First Amendment, as it did not target specific types of speech on the app and was therefore content neutral.
The Treasury Department did not respond to a request for comment regarding Monday’s letter.
Hardikar said in Monday’s letter that the Treasury would provide a more detailed report in 30 days.