In December 2024, Chinese state-sponsored hackers breached the U.S. Treasury Department by exploiting a vulnerability in a third-party cybersecurity provider, BeyondTrust. The attackers accessed unclassified documents by stealing a digital key used to secure a cloud-based remote support service, allowing them to remotely access Treasury user workstations.

The breach, labeled a “major incident” by the Treasury, was discovered on December 8 and is attributed to an Advanced Persistent Threat (APT) group linked to China. U.S. agencies including CISA and the FBI are investigating. China has denied responsibility, calling U.S. accusations baseless. The incident reflects a growing pattern of Chinese cyber-espionage targeting trusted third-party services.