China slams 'groundless' claims of cyberattack on US Treasury

Beijing on Tuesday hit back at accusations that a China state-sponsored actor was behind a cyber breach at the US Treasury Department, calling the claims "groundless".

The Treasury said the attack resulted in access to some of its workstations, according to a letter to Congress seen by AFP.

According to the Treasury, the incident happened earlier this month, when the actor compromised a third-party cybersecurity service provider and was able to remotely access the workstations and some unclassified documents.

China denied the claims, with the foreign ministry saying Beijing "has always opposed all forms of hacker attacks, and we are even more opposed to the spread of false information against China for political purposes".

"We have stated our position many times regarding such groundless accusations that lack evidence," foreign ministry spokeswoman Mao Ning said.

Earlier, the US Treasury Department said Monday that a China state-sponsored actor was behind a cyber breach resulting in access to some of its workstations, according to a letter to Congress seen by AFP.

The incident happened earlier this month, when the actor compromised a third-party cybersecurity service provider and was able to remotely access the Treasury workstations and some unclassified documents, a Treasury spokesperson added.

Treasury contacted the US Cybersecurity and Infrastructure Security Agency after it was alerted of the situation by its provider BeyondTrust, and has been working with law enforcement partners to ascertain the impact.

"The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information," the department's spokesperson said.

In its letter to the leadership of the Senate Banking Committee, the Treasury said: "Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor."

An APT refers to a cyberattack where an intruder establishes and maintains unauthorized access to a target, remaining undetected for a sustained period of time.

The department did not provide further details on what was affected by the breach, but said more information would be released in a supplemental report at a later date.

"Treasury takes very seriously all threats against our systems, and the data it holds," the Treasury spokesperson added.

The official said that the department would continue working to protect the US financial system from threats.

- Alarm over hacks -

Several countries, notably the United States, have voiced alarm in recent years at what they say is Chinese-government-backed hacking activity targeting their governments, militaries and businesses.

Beijing rejects the allegations, and has previously said that it opposes and cracks down on all forms of cyberattacks.

In September, the US Justice Department said it had neutralized a cyber-attack network that affected 200,000 devices worldwide, alleging it was run by hackers backed by the Chinese government.

In February, US authorities also said they had dismantled a network of hackers known as "Volt Typhoon."

The group was said to be targeting key public sector infrastructure like water treatment plants and transportation systems at the behest of China.

In 2023, tech giant Microsoft said Chinese-based hackers seeking intelligence information breached the email accounts of a number of US government agencies.

The group, Storm-0558, had breached email accounts at approximately 25 organizations and government agencies.

Accounts belonging to the State Department and Commerce Secretary Gina Raimondo were among those hacked in that breach.