Chinese Hackers Breach U.S. Treasury, Targeting Sanctions Office

The December cyberattack, attributed to a China state-sponsored group, accessed unclassified documents and sensitive government systems through a third-party software vulnerability.

The U.S. Treasury Department confirmed a major cybersecurity breach in December 2024, with hackers linked to the Chinese government accessing unclassified documents and employee workstations.
The attack targeted the Office of Foreign Assets Control (OFAC), which handles U.S. sanctions, potentially exposing information on sanctions deliberations and prospective targets.
Hackers exploited a stolen security key from BeyondTrust, a third-party software provider, to bypass protections and infiltrate Treasury systems.
The FBI and Cybersecurity and Infrastructure Security Agency (CISA) are investigating the breach, with officials stating there is no evidence of continued access by the attackers.
Lawmakers are demanding a faster response from Treasury Secretary Janet Yellen, seeking details on the breach, its perpetrators, and measures to prevent future incidents.