The US Treasury Department confirmed that a China state-sponsored actor was responsible for a recent cyber breach, compromising its workstations and some unclassified documents. The incident occurred earlier this month when the actor gained access through a third-party cybersecurity provider, BeyondTrust. Once the breach was detected, Treasury swiftly contacted the US Cybersecurity and Infrastructure Security Agency and began working with law enforcement to investigate the incident and assess its impact.

In a letter to the Senate Banking Committee, the Treasury Department attributed the attack to a Chinese state-sponsored Advanced Persistent Threat (APT) actor. An APT is a type of cyberattack where an intruder maintains undetected access to a target system over an extended period. Treasury's spokesperson confirmed that the compromised BeyondTrust service had been taken offline, and there was no evidence of continued access to the Treasury’s systems or sensitive information. Additional details on the breach are expected to be released in a future report.

This incident highlights ongoing concerns over China-backed hacking activity, which has targeted various government entities and private organizations in recent years. The US government has previously taken action against Chinese-backed hackers, including dismantling cyber networks and disrupting hacking groups like "Volt Typhoon" and "Storm-0558." Despite these efforts, Beijing continues to deny involvement in cyberattacks and opposes all forms of cybercrime. The US Treasury has emphasized its commitment to securing the financial system and defending against cyber threats.