Cybersecurity Experts Explain Why China's Alleged U.S. Treasury Hack Is a Big Deal


In early December 2024, the U.S. Department of the Treasury experienced a cybersecurity breach. Though China denies involvement, the breach is attributed to a Chinese state-sponsored Advanced Persistent Threat (APT) actor.

The attackers allegedly obtained an authentication key through BeyondTrust, a third-party service provider for the Treasury, allowing them to bypass security measures and access certain unclassified documents within the department.

While the specific content of the unclassified documents has not been publicly disclosed, the Treasury Department stated in a letter to Chairman Brown and Sen. Scott that the compromised service has been taken offline.

Currently, there is no evidence to suggest that the threat actor still has access to Treasury systems or information. However, the Treasury Department plans to release a supplemental report within 30 days to provide more detailed insights into the breach.

Newsweek has reached out to cybersecurity experts to assess the implications of this breach, highlighting its severity and potential long-term risks.

Commander of the U.S. Cyber Command Army Gen. Paul Nakasone testifies before the House (Select) Strategic Competition Between the United States and the Chinese Communist Party Committee on Capitol Hill on Jan. 31, 2024 in... Kevin Dietsch/Getty Images

From Dr. Shambhu Upadhyaya: China's Latest Attack on the U.S. Treasury Department Could Increase Tensions

The alleged hack of the U.S. Treasury department by China is one of several known attacks targeting U.S. critical infrastructure and government agencies. This incident is particularly significant for several reasons—it involves a nation-state actor perceived as one of our greatest adversaries, and it directly targets the national treasury and financial department. Such an attack will undoubtedly heighten tensions between the two nations and prompt the U.S. to remain vigilant against similar threats in the future.

This event also has broader implications for global security. Cybersecurity is an ongoing arms race, and staying ahead of adversaries requires increased investment in cyber defenses. In the coming years, we can expect the U.S. to allocate more resources toward cybersecurity, focusing on AI-driven innovations for enhanced cyber defense and expanding workforce development efforts to meet the growing demand for skilled professionals in this critical field.

Dr. Shambhu Upadhyaya, Director, Cybersecurity MS Program, Professor, Computer Science and Engineering, University at Buffalo

From Dr. William C. Banks: Cybersecurity Remains a Top Concern as International Threats Increase

The Chinese hack of the U.S. treasury is likely just another step in the escalating cyber conflict between the U.S. and China. It is noteworthy that the U.S. was able to openly attribute the hack to a Chinese state sponsor—attribution is not typically straightforward, and our adversaries work hard to cover their tracks. The international cyber conflict is ongoing and escalating and is really just a contemporary and high tech version of the espionage battles that have always been waged in international relations. The U.S. concerns are significant but will not alter our basic posture in relation to China.

Dr. William C. Banks, College of Law Board of Advisors Distinguished Professor, Professor of Law and Professor of Public Administration and International Affairs Emeritus

From Dr. Vir V. Phoha: China's Attack on the Treasury Department Will Have a Ripple Effect on Nationwide Security Measures

The alleged cyberattack on the US Treasury is significant because it demonstrates Chinese capabilities to bypass US Treasury cyber defenses. As the financial governing and regulatory body, the US Treasury enforces economic sanctions against foreign threats and enhances financial system safeguards.

Although the reported attack compromised a workstation used for remote technical help by the third-party software vendor BeyondTrust, which had access to cloud-based services, it could have compromised keys to sensitive data and processes, leading to undermining the integrity of the US Department of Treasury's operations, such as overriding sanctions and removing blacklisted Chinese commercial companies.

Additionally, China's disregard for potential ramifications, including detection, traceback, and attribution of this attack, could worsen existing mistrust between the two nations and lead to possible US counterattacks on Chinese infrastructure. This situation will certainly result in a serious look at security measures at US institutions.

Dr. Vir V. Phoha, Ph.D., Professor of EE and CS, College of Engineering and Computer Science, Syracuse University, New York

From Dr. James (Jim) Curtis: China's Attack on the Treasury Department is Not Significant

I would not consider this breach to be a 'significant' development because it is another in a series of examples of the pattern of cyberattacks used by the PRC. It is not even a novel attack in the way it was conducted.

China used a third-party cybersecurity vendor, BeyondTrust, as a venue to obtain access to Treasury Department's workstations and, from the government's report, obtain unclassified information. It fits into the standard operations of the PRC to probe government and industry online records for the purpose of stealing proprietary information, obtaining policies and plans about China, and inserting spyware or other malware for future uses as part of a larger offensive.

It is another indicator as to why every element of an online system must be protected because the weak link is often a vulnerability within the system's maintenance, third-party vendors, or administrative systems which enable the attacker to succeed.

Dr. James (Jim) Curtis, Ph.D., Associate Professor, Chair, Computer & Information Sciences Department, Webster University

From Dr. Ali Dehghantanha: China's Attack on the Treasury Department Had a Two-Pronged Approach

From a technical standpoint, the Treasury's infrastructure, which is likely integrated with numerous financial and regulatory systems, makes it a prime target for both data exfiltration and operational disruption. Such an attack could exploit weaknesses in API integrations or insufficient lateral movement detection capabilities, allowing adversaries to compromise sensitive systems at scale.

The implications extend beyond immediate technical damages. Strategically, this incident can be viewed as a component of hybrid warfare, where cyberattacks serve as a means to erode trust in governmental institutions while probing for systemic weaknesses in economic and security infrastructures. The breach further underscores the criticality of developing international cyber norms to address state-backed aggression, as well as fostering public-private partnerships to harden critical infrastructure defenses.

For U.S.-China relations, this incident could significantly increase the urgency of cyber diplomacy while exacerbating tensions in other domains, including trade and military affairs. It also signals a potential pivot in the global cybersecurity ecosystem, where nations may double down on cyber deterrence strategies, including retaliatory cyber operations or economic sanctions.

Globally, the incident serves as a wake-up call for institutions managing sensitive or critical data. The increasing frequency of nation-state operations underscores the need for adopting advanced cybersecurity architectures, such as zero trust, combined with real-time threat intelligence sharing and cross-border incident response capabilities.

Dr. Ali Dehghantanha (Ph.D., CISSP, CISM), Professor and Canada Research Chair in Cybersecurity & Threat Intelligence, University of Guelph

From Dr. En-hui Yang: China's Attack on the Treasury Department Highlights Need for Cybersecurity Investments

I haven't been closely following the news about the hack of the U.S. Treasury, though such incidents could happen to any organization. The Internet, as we know it, was designed for convenience, not security, making it a natural target for bad actors from around the world.

While law enforcement remains a critical line of defense, the need for advanced technologies to protect our digital economy is more pressing than ever. At my Waterloo-based startup, we are actively developing innovative data security solutions that seamlessly create a secure "sub-Internet" within the broader, insecure Internet. These solutions leverage cryptography to secure and authenticate every execution point—users, devices, applications, and server operating systems—ensuring a robust foundation for digital trust.

Dr. En-hui Yang, Professor, Department of Electrical and Computer Engineering, University of Waterloo

From Dr. Kami Vaniea: China's Attack on the Treasury Department Shows Cybersecurity Companies Are Under Constant Threat

The U.S. Treasury attack is significant in that it is an example of attacking a high-value target by targeting the software providers they rely on. Organizations like BeyondTrust are used by many companies and government organizations. When they become hacked, their clients can become compromised as well. The Snowflake data breach earlier this year similarly led to losses for their clients.

We have recently seen an increase in the targeting of security service companies with the goal of gaining access to their clients. The trend is likely to continue into 2025 and is a threat to global security. To combat attacks on suppliers, countries are trying various approaches. The United Kingdom, for example, has implemented security requirements for all government contractors called Cyber Essentials. Canada has a similar CyberSecure certification. The United States is considering requiring a Software Bill of Materials (SBOM).

Dr. Kami Vaniea, Associate Professor at the University of Waterloo's Electrical and Computer Engineering Department

From Leeza Garber: China's Attack on the Treasury Highlights the Urgent Need for Improved Economic Conflict Strategies

The recent Chinese-backed hack of the United States Treasury is significant for U.S.-China relations in countless ways. Most importantly, it highlights how we are constantly fighting an international global cyberwar that requires dedication, resources, and a deep understanding of how to handle an evolving conflict.

While federal agencies are gaining better budgets for cybersecurity offense and defense, there is so much work to be done. Enemy countries have dedicated hacking teams fighting for information domination on an astounding scale - which is illustrated by this hack coming on the heels of the massive telecom hack pulled off over the last few months.

Our relationship with China will be further complicated this year by trade, TikTok, and Trump. We need to come together as a team: the public and private sectors, white hats and red hats, large and small, to build upon an already talented but overtasked team.

Leeza Garber, Esq., Adjunct Law Professor at Drexel University's Thomas R. Kline School of Law; Leeza Garber Esq. Legal Consulting (Executive Education)
