CISA says ‘no indication’ other US government agencies affected in Treasury hack

(Image credit: Medium)

The US Treasury Department suffered a cyberattack in late 2024
CISA has confirmed it does not believe any other agencies were affected
The hack has been attributed to a Chinese threat actor

The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that there is currently ‘no indication’ that any other federal government agencies were impacted by the recent suspected state-sponsored hack against the US Treasury Department.

The December 2024 hack was declared a ‘major incident’, as key systems were left vulnerable, with the attack resulting in stolen documents and breached systems, and an initial agency assessment concluding the attack was carried out by a ‘China-based Advanced Persistent Threat Actor’, officials said.

By compromising third-party security provider BeyondTrust, attackers were able to gain remote access used by the vendor to override some Treasury Department systems, but despite BeyondTrust supplying security solutions for multiple agencies such as CISA, NSA, and NIST, the Treasury seems to be the only compromised department.

A combined effort

The breach was short lived, with suspicious activity first spotted on December 2, and the Treasury was notified by BeyondTrust on December 8. The Treasury is required by law to provide an update within 30 days, so more details about the nature of the stolen files is likely to be revealed later this month.

China has of course denied any involvement with the breach, and has confirmed the state ‘consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes’.

“CISA is working closely with the Treasury Department and BeyondTrust to understand and mitigate the impacts of the recent cybersecurity incident,” the agency confirmed in a statement.

“At this time, there is no indication that any other federal agencies have been impacted by this incident. CISA continues to monitor the situation and coordinate with relevant federal authorities to ensure a comprehensive response.”

Take a look at our pick of the best endpoint protection software
Japan’s largest telco NTT Docomo disrupted by DDoS attack
Check out our pick for best antivirus software

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.