On December 30, 2024, the US Treasury Department revealed it had been the target of a cyberattack orchestrated by state-sponsored Chinese hackers, according to an internal document.

The breach allowed the hackers to bypass security measures and access non-classified documents after compromising the services of the cybersecurity provider BeyondTrust. The document notes that on December 8, the Treasury was alerted by BeyondTrust that a threat actor had gained access to a security key used to secure a cloud-based service providing remote technical support for Treasury offices.

The attackers managed to circumvent the service's defenses, remotely accessing the workstations of several Treasury users and retrieving non-sensitive documents.

In response, the Treasury confirmed it is collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the extent of the damage caused by the breach. BeyondTrust, based in Georgia, stated that it is investigating the security incident, which has impacted a limited number of clients.

Robert Daly, director of the Kissinger Institute on China and the United States, previously warned about the potential dangers of a Chinese cyberattack targeting US infrastructure, noting the implications for the already strained US-China relations. Reports from November indicated that a hacking group linked to the Chinese government had targeted internet communication networks and legal surveillance systems in the US, raising concerns about the potential acquisition of sensitive intelligence that could pose greater threats to national security.