Chinese state-sponsored hackers broke into the US Treasury Department earlier this month and stole documents from its workstations.
According to a letter to lawmakers provided to Reuters, hackers compromised a third-party cyber security service provider and were able to access unclassified documents in what it called a "major incident."
Hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users."
After being alerted by cyber security provider BeyondTrust, the Treasury Department said it was working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack's impact.
The FBI did not immediately respond to Reuters requests for comment, while CISA referred questions back to the Treasury Department.
BeyondTrust didn't immediately return messages seeking comment but, on its website, the company said it had recently identified "a security incident" that involved a "limited number" of customers of its remote support software. The statement said a key had been compromised in the incident and that an investigation was underway.
A spokesperson for the Chinese Embassy in Washington didn't immediately return comment. Beijing routinely denies responsibility for cyber espionage incidents.
