U.S. Department of the Treasury Hack
1.0 Incident
In December 2024, the U.S. Department of the Treasury discovered that it had been the target of a cyberattack by Chinese state-sponsored hackers (Reuters, 2024). China denies that the attack was state sponsored. The attackers gained access to users' computers through a remote connection tool and then copied important documents to their own storage systems. The Cybersecurity and Infrastructure Security Agency (CISA) made an announcement regarding the breach, stating that it is taking steps to protect against similar issues in the future and that the Treasury Department was the only government agency affected by this attack (CISA, 2025). Although a cyberattack, especially one performed by a foreign country, is not a good thing, there are positives to observe in this scenario. The only documents exposed were unclassified, and the fact that this was an isolated attack seems to make the damage slightly easier to manage. Because government agencies hold a great deal of sensitive information, it is important to address what occurred in this scenario in order to prevent further attacks and damage to national security.
2.0 Analysis
We know the attack originated in China and is part of a string of attacks from China that have been targeting the U.S. government. The Chinese government denies its involvement in the attack; however, people believe this to be a modern version of espionage intended to gather information on U.S. activities (Texas Standard, 2025). The Treasury was attacked through one of its third-party cybersecurity tools, BeyondTrust (Red River, 2025). The attackers used this software to access 419 of the Treasury's devices and export more than 3,000 unclassified documents (Red River, 2025). Third-party systems like this are very dangerous to the security of any electronic system. When the threat of an attack involves national security, we need to make sure these third-party services are heavily investigated to ensure they do not introduce vulnerabilities into our systems.
3.0 Assessment
This breach is a very big deal and shows why improved cybersecurity within the government is so important. The attack began with the theft of keys from the BeyondTrust service used by the Treasury Department (Kerner, 2025). These keys allowed the attackers to use the BeyondTrust software to access Treasury Department systems and steal valuable documents. The U.S. has a large target on its back, and we need to make sure that information security is a priority moving forward. This attack should serve as a warning shot to the U.S. government: if this issue had been government-wide, we would be looking at a much larger case than what resulted from this exploitation. We are lucky not only that the number of stolen documents was relatively low but also that the documents were unclassified. This attack was one of many, and China is not the only country involved in state-sponsored attacks against the U.S. CISA is still relatively new, and we can still improve many of our country's cybersecurity measures.
4.0 Implications
This attack has great implications for the modern threats to government security. Threats to government information used to be strictly physical; now that technology has advanced to today's complexity, countries can pose a threat from all the way across the world, all day, every day. Our security has plenty of room to improve, and it is especially important to secure our financial infrastructure because of its impact on the global and national economy (Sytsma et al., 2024). This attack showed us how severe an attack on the U.S. could be and how many people it could affect. This incident raises concerns about our national security because China and other foreign adversaries will continue to attempt cyberattacks against the U.S. The government needs to make sure it is monitoring third-party systems that have elevated rights on its infrastructure in order to prevent attacks similar to this one. However, there is no such thing as a secure system, so I think it is most important for the U.S. to make sure we can recover from these attacks and mitigate them and the resulting data loss as much as possible.
5.0 Solutions
It is very difficult to secure an entire government's cybersecurity infrastructure. However, there are a few things that may help start the process of improving the national security of our online information. First, I think we made a great step by creating CISA; expanding this agency and making sure it runs well should be an important step toward making sure our country is secure. The next step I think is vital to improving U.S. national security is that vendors must agree to follow standards created by the government (Srinivas et al., 2019). This means that contractors and anyone selling the country a service or item must follow the government's cybersecurity standards. This could have helped prevent the attack on the Treasury Department, since this issue originated through third-party software. It would be very important because contractors and vendors play such a large role in the government. Another solution I will suggest is better user training to help prevent cyberattacks. Better training for government employees would help prevent attacks because many current vulnerabilities involve accidental misuse by users (Norris, Mateczun, Joshi, & Finin, 2018). All in all, it is impossible to completely secure a system, especially one that is hit with cyberattack attempts 24/7. The best we can do is mitigate these attacks and try to secure our sensitive data to the best of our ability.
6.0 References
Cybersecurity and Infrastructure Security Agency (CISA). (2025). CISA update on Treasury breach. Retrieved from https://www.cisa.gov/news-events/news/cisa-update-treasury-breach
Kerner, S. M. (2025, March 10). Treasury Department hacked: Explaining how it happened. TechTarget. Retrieved from https://www.techtarget.com/whatis/feature/Treasury-Department-hacked-Explaining-how-it-happened
Norris, D. F., Mateczun, L., Joshi, A., & Finin, T. (2018). Cybersecurity at the grassroots: American local governments and the challenges of internet security. Journal of Homeland Security and Emergency Management, 15(4). https://doi.org/10.1515/jhsem-2017-0048
Red River. (2025). Explaining the 2024 US Treasury Hack: What Happened? Retrieved from https://redriver.com/cybersecurity/us-treasury-hacked
Reuters. (2024, December 30). US Treasury says Chinese hackers stole documents in 'major incident'. Retrieved from https://www.reuters.com/technology/cybersecurity/us-treasurys-workstations-hacked-cyberattack-by-china-afp-reports-2024-12-30/
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cybersecurity: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178-188. https://doi.org/10.1016/j.future.2018.09.063
Sytsma, T., Marrone, J. V., Shenk, A., Leonard, G., Grek, L., & Steier, J. (2024). Technological and economic threats to the U.S. financial system (RAND Report No. RRA2533-1). RAND Corporation. Retrieved from https://web.archive.org/web/20240213225216id_/https://www.rand.org/content/dam/rand/pubs/research_reports/RRA2500/RRA2533-1/RAND_RRA2533-1.pdf
Texas Standard. (2025). China-backed hackers breached the US Treasury Department. Here's what we know. Retrieved from https://www.texasstandard.org/stories/china-us-treasury-department-hack-breached-chinese-government/