On Monday, December 30, a **notification** from the U.S. Treasury Department to lawmakers disclosed that hackers funded by China managed to infiltrate the department’s systems earlier this month, obtaining government documents.

This occurrence, **initially reported by Reuters**, highlights another instance of state-sponsored cyber espionage aimed at U.S. government agencies. This announcement follows closely after **AT&T and Verizon dealt with the Salt Typhoon breach**, yet another significant cyber incident. In a communication to Senator Sherrod Brown, chair of the Committee on Banking, Housing, and Urban Affairs, the Treasury acknowledged that the breach occurred in December.

The letter indicates that the breach was detected by BeyondTrust, an external cybersecurity provider. The cybercriminals allegedly compromised a key that secures a cloud-based service essential for delivering remote technical assistance to the department’s offices.

“By gaining access to the compromised key, the threat actor was able to bypass the service’s security, remotely access certain Treasury DO user workstations, and retrieve certain unclassified documents held by those users,” the letter mentioned.

The Treasury revealed that it became aware of the breach on December 8 and is currently collaborating with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to evaluate the severity of the attack. While there has been no comment from the FBI regarding the situation, CISA has referred inquiries back to the Treasury.