Hackers backed by the Chinese government broke into U.S. Treasury systems earlier this month, gaining access to employee workstations and some classified documents, U.S. officials said.
The Treasury deemed the breach a “major incident” after disclosing it in a letter informing lawmakers of the incident.
The U.S. agency said it was working with the FBI and other agencies to investigate the impact of the hack.
China denied any involvement, calling the claims “unfounded” and “consistently opposing all forms of hacking.”
This is the latest in a series of high-profile and embarrassing security breaches in the United States that have been blamed on China.
A hack of a telecommunications company in December potentially gave access to phone record data from across American society.
The attack involved China-based actors bypassing security through keys used by third-party service providers, the Treasury Department said in a letter to lawmakers. This application provides remote technical support to your employees.
The compromised third-party service, called BeyondTrust, has since been taken offline, officials said. There is no evidence that the hackers subsequently continued to access Treasury information, the statement continued.
The department said it is working with cybersecurity and infrastructure security agencies and third-party forensic investigators to determine the overall impact.
Officials said their initial investigation suggests the hack was carried out by a “China-based advanced persistent threat (APT) actor.”
“Under Treasury policy, intrusions caused by APTs are considered major cybersecurity incidents,” a Treasury official said.
The Treasury Department monitors the global financial system and economy and has imposed U.S. sanctions against China in recent years.
A spokesperson told the BBC that BeyondTrust became aware of the hack on December 8. According to the company, suspicious activity was first noticed on December 2, but it took three days for the company to confirm the hack.
The spokesperson said the hackers were able to remotely access several Treasury user workstations and some confidential documents held by those users.
The department did not specify the nature of these files or when or for how long the hacking occurred. They also did not specify the level of confidentiality of the computer systems or the positions of employees who had access to the material.
Hackers may have been able to create accounts or change passwords during the three days that BeyondTrust monitored.
It is believed that the hackers were espionage actors and were looking for information rather than trying to steal funds.
The department letter states that a further report on the incident will be provided to lawmakers within 30 days.
Chinese Foreign Ministry spokesman Maoning denied the U.S. claims at a news briefing, calling them “baseless accusations lacking evidence.”
“China consistently opposes all forms of hacking and resolutely rejects the spread of disinformation targeting China for political purposes.”
Last year, two groups suspected of being Chinese government hackers were identified.
Volt Typhoon was accused of infiltrating critical infrastructure organizations for potential disruption attacks, while Salt Typhoon was accused earlier this month of conducting an espionage mission that included hacking communications.
China routinely denies involvement, and a spokesperson for the Chinese Embassy in Washington DC told BBC News that the latest accusations were part of a smear attack with no factual basis.
“The United States must stop using cybersecurity to defame and defame China, and stop spreading all kinds of false information about the so-called Chinese hacking threat,” embassy spokesman Liu Fengyu said.
The United States has provided no evidence that China was responsible for the hacking.
