Foreign state-sponsored thieves broke into the servers of senior U.S. Treasury Department leaders as part of a new breach of the organization, according to a U.S. official and another man familiar with the matter.
According to the people, who asked not to be identified because the investigation is ongoing, the thieves were able to get unidentified material stored locally on the top officials' computers. These were among the laptops and desktops that were infiltrated. They didn't identify which senior officials' laptops were breached.
Researchers have so far found around 100 government servers that were compromised, according to the U.S. official, who added that the thieves accessed documents and papers for policy choices, itineraries and travel planning documents for Treasury leaders, as well as some internal communications. The company is also assessing what was taken, but the attackers didn't compromise the department's email program or defined systems, according to both people.
These details of the breach, which haven't been previously reported, offer a fuller view of what U.S. officials have said was a foreign competitor's incursion into an organization key to managing the federal loan, issuing sanctions and shaping U.S. monetary policy.
Chinese officials have long denied U.S. allegations of state-sponsored cyberattacks, and a Chinese Foreign Ministry spokesperson this week called the claims that it's behind the Treasury hack "unwarranted and groundless".
Treasury spokesperson Lily Adams declined to comment on Thursday. In a Dec. 30 letter to Congress reviewed by Bloomberg News, the agency characterized the breach as a "major cybersecurity incident" and said the hackers got in through a software provider, BeyondTrust Inc. The Georgia-based company sells managed access software and other cybersecurity products.
A Treasury spokesperson previously said the compromised BeyondTrust service had been taken offline, and that there's no evidence the hackers continue to have access to the department's information.
The hackers breached the Office of the Treasury Secretary and the Office of Foreign Assets Control, which administers economic sanctions, the Washington Post reported Wednesday.
The Chinese government would have had great interest in learning about the Treasury's sanctions deliberations in the previous year. While visiting Beijing in April, Treasury Secretary Janet Yellen made clear to her counterparts that Washington would act to sanction Chinese financial firms if they were found financing trade with Russia that bolstered Moscow's war with Ukraine.
"I stressed that companies, including those in the PRC, must not provide material support for Russia's war, and that they will face significant consequences if they do," Yellen told reporters during an April 8 press conference at the U.S. ambassador's residence in Beijing, using an abbreviation for the People's Republic of China.
"Any banks that facilitate significant transactions that channel military or dual-use goods to Russia's defense industrial base expose themselves to the risk of U.S. sanctions."
In the ensuing nine months, the Treasury hasn't sanctioned any Chinese financial firms.
The attack on the Treasury Department lacked the stealth of previous cyber espionage campaigns blamed on China, including a recent one targeting U.S. telecommunications companies, according to the U.S. official and the person with knowledge of the breach.
Instead, according to them, the hackers appear to have opportunistically taken what was stored on the hard drives of the machines using the BeyondTrust system. China has denied involvement in the hack of the telecommunications sector.
In the Treasury attack, the hackers illegally accessed a "key used by the vendor to secure a cloud-based service" that, in turn, provides technical support to the department, Treasury said in its letter to Congress. BeyondTrust Inc. informed Treasury of the breach on Dec. 8, according to the letter.
A small number of customers, according to BeyondTrust, were informed of the breach while law enforcement and the company supported its clients and the investigation. Company spokesman Mike Bradshaw declined further comment on Thursday.
According to government data compiled by Bloomberg, BeyondTrust holds contracts with the federal government worth more than $4 million. In addition to Treasury, the data show, BeyondTrust does business with the Department of Defense, Department of Veterans Affairs and the Department of Justice, along with other agencies.
A Department of Defense spokesperson said Tuesday that it had not received a notification about the breach from BeyondTrust. Officials with the Justice Department and Department of Veterans Affairs haven't responded to separate requests for comment.
___
© 2025 Bloomberg L.P.
Distributed by Tribune Content Agency, LLC.