US Treasury hacked: Are China and the US stepping up their cyberwar?

The United States Department of the Treasury on Monday blamed China for breaching its network and gaining access to information that includes unclassified documents.

Beijing has denied the allegation, calling it “groundless”.

The alleged hacking comes weeks after Beijing accused Washington of carrying out two cyberattacks on Chinese technology firms.

With Washington and Beijing trading blame, we assess the history of cyberwarfare between the world’s two largest economies and whether it has intensified.

Who hacked the US Treasury Department?

The US Treasury Department accused Chinese state-sponsored hackers of breaking into its system this month and accessing employee workstations and unclassified documents.

The department said the hackers gained access by overriding a security key used by third-party cybersecurity provider BeyondTrust, which provides technical support remotely to Treasury employees.The Treasury Department made these details public on Monday in a letter to the US Congress. The attack was caused by “a China-based Advanced Persistent Threat (APT) actor”, the letter said.

The department, however, did not specify the number of workstations compromised, the nature of the files, the exact timeframe of the hack and the confidentiality level of the stations compromised.

On December 8, Treasury was alerted about a hack by BeyondTrust. The BBC reported that BeyondTrust first suspected unusual activity on December 2 but took three days to determine it was hacked.

How did the US Treasury Department respond?

The department said there is no evidence that the hackers still have access to department information and the compromised BeyondTrust has been taken offline.

It is assessing the impact of the hack with the assistance of the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). The hack is being investigated as a “major cybersecurity incident”.

The department’s letter to Congress added that supplemental information about the attack would be sent to US lawmakers in 30 days.

“Over the last four years, Treasury has significantly bolstered its cyber defence, and we will continue to work with both private and public sector partners to protect our financial system from threat actors,” a spokesperson for the department said in a separate statement.

How has China responded?

China has denied the department’s accusations, and its Ministry of Foreign Affairs said Beijing condemns all forms of hacker attacks.

“We have stated our position many times regarding such groundless accusations that lack evidence,” ministry spokesperson Mao Ning was quoted as saying by the AFP news agency.

A spokesperson for the Chinese embassy in the US, Liu Pengyu, denied the department’s allegations. “We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber-incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations,” he said, according to a BBC report.

“The US needs to stop using cybersecurity to smear and slander China and stop spreading all kinds of disinformation about the so-called Chinese hacking threats.”