The US Treasury Department has revealed that it was hit by a significant cyberattack earlier in December, which has been attributed to Chinese government hackers. In a letter to lawmakers, the department disclosed that the hackers gained remote access to certain Treasury employee workstations and had access to unclassified documents.

The incident was first detected on December 8, when BeyondTrust, a company that provides identity access and remote support technology for large organizations and government departments, notified the Treasury that hackers had gained access to a key used by the vendor for providing remote access technical support to Treasury employees. BeyondTrust had disclosed the incident at the time but did not reveal how the key was obtained.

The Treasury Department engaged the US Cybersecurity and Infrastructure Security Agency (CISA) for assistance and, as of December 30, has "no evidence indicating the threat actor has continued access to Treasury information." However, the department confirmed that it attributed the breach to a China state-sponsored advanced persistent threat group, indicating backing from the Chinese government.

The extent of the breach is still unclear, but a Treasury spokesperson stated that the hackers were able to "remotely access several Treasury user workstations and certain unclassified documents maintained by those users." The spokesperson emphasized that the department takes all threats against its systems seriously and has significantly bolstered its cyber defense over the past four years.

This incident is the latest in a series of cyberattacks linked to China that have targeted the US government in recent months. China-backed hackers, dubbed Salt Tycoon, were behind a wave of cyberattacks targeting US phone companies and internet giants, including AT&T and Verizon, in a bid to gain access to the private communications of senior US government officials, including presidential candidates.

The Chinese Embassy in Washington, D.C. did not immediately return a request for comment on the incident. The Treasury Department's confirmation of the cyberattack raises concerns about the vulnerability of US government agencies to state-sponsored cyber threats and the need for enhanced cybersecurity measures to protect sensitive information.

The incident also highlights the importance of collaboration between private and public sector partners to protect the US financial system from threat actors. As the US government continues to grapple with the growing threat of cyberattacks, this latest incident serves as a stark reminder of the need for vigilance and proactive measures to safeguard against these types of threats.