US Treasury Confirms Major Hack by Chinese State-Sponsored Actors

Fri Apr 17 2026 19:45:06 GMT+0000 (Coordinated Universal Time)

Security breach exposes employee data and unclassified documents, sparking controversy.

The US Treasury Department reported a significant security breach attributed to Chinese hackers, prompting investigations and denial of involvement from Beijing.

In a recent revelation, the US Treasury Department disclosed that it experienced a severe cyber breach orchestrated by China-based hackers earlier this month. Officials reported that the attackers gained access to employee workstations and various unclassified documents in what has been deemed a "major incident".

The news came to light through a letter sent to lawmakers, where the Treasury Department indicated that it was already collaborating with the FBI and multiple agencies to assess the ramifications of the breach. China, however, has rejected these assertions, labeling them as "baseless" and claiming a long-standing opposition to hacking.

This incident adds to a concerning pattern of security violations directed at US institutions, with previous breaches linked to Chinese state actors. A notable prior incident occurred last December, when telecom companies suffered hacks that potentially compromised vast amounts of phone record data from American citizens.

According to the Treasury Department's recent letter, the recent hack reportedly exploited vulnerabilities via a key access point related to a third-party service provider, identified as BeyondTrust, which delivers technical support remotely to Treasury employees. Following the attack, BeyondTrust has been taken offline to prevent further breaches.

Investigations into the incident highlight that "a China-based Advanced Persistent Threat (APT) actor" is likely behind the hack, prompting the Treasury to classify it as a significant cybersecurity incident. The department's responsibilities include oversight of global financial systems, substantiating the critical nature of the breach.

Officials revealed that they learned about the hack on December 8, shortly after BeyondTrust flagged suspicious activity on December 2. The hackers reportedly accessed several user workstations and unclassified documents during this period. However, officials did not disclose specific details regarding the nature of the documents or the duration of unauthorized access.

Treasury officials asserted that their monitoring indicated the intruding hackers aimed to collect intelligence, rather than financially exploit the systems. A more detailed report concerning the breach will be submitted to lawmakers within 30 days.

In response, China's Foreign Ministry, through spokeswoman Mao Ning, refuted the US claims, branding them as accusations lacking substance. She reiterated that China opposes all forms of cyber violations and denounced the notion of political manipulation through claims of hacking.

In recent years, identifiable groups of suspected Chinese state hackers, such as Volt Typhoon and Salt Typhoon, have emerged, with accusations leveled against them for various forms of espionage and infrastructure attacks. Despite the allegations, China continues to disavow its involvement in such hacking activities, calling for an end to the US's alleged smear campaigns against the nation.

The US government has yet to provide concrete evidence to support claims against China regarding the breach, adding another layer of complexity to an already contentious geopolitical landscape.