Chinese hackers access US Treasury workstations in 'major incident'

Chinese hackers have remotely accessed several US Treasury Department workstations and unclassified documents after compromising a third-party software service provider, the agency said.

The US Treasury did not provide details on how many workstations had been accessed or what sort of documents the hackers may have obtained, but it said in a letter to legislators revealing the breach that "at this time there is no evidence indicating the threat actor has continued access to Treasury information".

The hack is being investigated as a "major cybersecurity incident", officials added.

The US Treasury "takes very seriously all threats against our systems, and the data it holds", a department spokesperson said in a separate statement.

"Over the last four years, (the) Treasury has significantly bolstered its cyber defence, and we will continue to work with both private and public sector partners to protect our financial system from threat actors."

In Beijing, a Foreign Ministry spokesperson gave China's standard response to hacking allegations.

Mao Ning said at a daily briefing: "We have repeatedly stated our position on such groundless accusations that lack evidence.

"China consistently opposes all forms of hacking, and we are even more opposed to the dissemination of false information against China for political purposes."

The incident comes as US officials are continuing to grapple with the fallout from a massive Chinese cyberespionage campaign known as Salt Typhoon that gave officials in Beijing access to private texts and phone conversations of an unknown number of Americans.

A senior White House official said on Friday that the number of telecommunications companies confirmed to have been affected by the hack has now risen to nine.

The Treasury Department said it learned of the latest problem on December 8, when a third-party software service provider, BeyondTrust, flagged that hackers had stolen a key "used by the vendor to secure a cloud-based service used to remotely provide technical support" to workers.

That key helped the hackers override the service's security and gain remote access to several employee workstations.

Aditi Hardikar, an assistant Treasury secretary, told the Senate Banking Committee that the compromised service has since been taken offline, and there is no evidence that the hackers still have access to department information.