The department said on Monday that the hackers were able to compromise a third-party cybersecurity service provider and gain access to the documents in what it described as a “major incident”.
“[The hackers] gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users,” a letter sent by the US Treasury Department to Congress said. “With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
A statement from the Treasury said that the department “takes very seriously all threats against our systems, and the data it holds”.
The Treasury Department was alerted to the hack by the cybersecurity provider, BeyondTrust, on December 8. The department says it is working with the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the impact of the hack.
“The compromised BeyondTrust service has been taken offline and there is no evidence indicating the threat actor has continued access to Treasury systems or information,” a spokesperson for the Treasury Department told AFP.
An advanced persistent threat (APT) is a cyberattack in which the hacker can maintain undetected and unauthorised access to a target for a period of time.
The Treasury Department said that more information would be released in a supplemental report at a later date.
The report of the hack comes less than a month ahead of the inauguration of US President-elect Donald Trump.
MNA/