WWW.INFORMATIONWEEK.COM
Nation-State Threats Persist with Information Breach of US Treasury
On Dec. 8, cybersecurity company BeyondTrust notified the US Department of the Treasury of a threat actor intrusion, according to a letter Treasury sent to the US Senate Committee on Banking, Housing, and Urban Affairs.

This incident joins the list of other attacks attributed to China state-sponsored advanced persistent threat (APT) actors. How was this attack executed, and what is the outlook for ongoing cyber threats from China?

The US Treasury Hack

The threat actor gained access to Treasury end user workstations via a compromise of BeyondTrust. "The threat actor was able to use a stolen key to override the service's security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users," according to the letter.

As of Jan. 6, BeyondTrust had fully patched the vulnerabilities relating to the SaaS instances of BeyondTrust Remote Support, according to the company's security advisory.

"BeyondTrust previously identified and took measures to address a security incident in early December 2024 that involved the Remote Support product. BeyondTrust notified the limited number of customers who were involved, and it has been working to support those customers since then," a BeyondTrust spokesperson shared via email.

The threat actor targeted the Office of Foreign Assets Control (OFAC), the Office of Financial Research (OFR), and US Treasury Secretary Janet Yellen's office, The Guardian reports.

OFAC administers a number of sanctions programs; threat actors could have targeted OFAC to gain insight into forthcoming US sanctions.

"It's a more targeted approach designed specifically to get an inside look [at], potentially, future US policy," John Ghose, government investigations and enforcement attorney and special counsel at law firm Baker Donelson, tells InformationWeek.

It is also possible the hackers have other motivations.

"Their intention will probably be to manipulate or degrade the integrity of the data associated with the sanctioned personalities in China," says Tom Kellerman, senior vice president of cyber strategy at application security company Contrast Security. "Is there a process ongoing right now to verify the integrity of the data associated with the multitude of Chinese citizens that have been sanctioned by Treasury?"

Chinese Cyber Threats and US Response

Chinese officials frequently deny involvement in hacking operations, but the US has linked China state-backed threat actors to several major intrusions, including the Treasury breach.

The major telecommunications hack discovered last year was linked to the APT group Salt Typhoon. China state-backed actors were also found responsible for the 2015 breach of the US Office of Personnel Management (OPM), which impacted the data of 35 million government employees. In 2020, the US Department of Justice charged four Chinese military-backed hackers for their involvement in the 2017 breach of credit reporting agency Equifax.

While the Treasury and telecommunications hacks have come to light recently, cyber threats from China are ongoing. "Cyber insurgency within US critical infrastructure is far deeper than just Treasury," says Kellerman.

China-backed APT groups may be lurking in US government and company systems as part of espionage campaigns, but there is growing concern about the potential for disruptive cyberattacks that cripple critical infrastructure if geopolitical tensions boil over into outright conflict. What can be done as nation state cyber threats continue to loom?

Sanctions are a common response. Shortly following the news of the Treasury hack, the federal department announced sanctions on a cybersecurity company based in Beijing, relating to its role in helping breach US communications systems between the summer of 2022 and 2023, The New York Times reports.

"At this point, when it comes to actors like China and Russia and others that are so heavily blacklisted, to what extent do we have a response? We're already limiting trade significantly," Ghose says. "The response would require just more sophisticated hardening of our information systems, including all levels of the supply chain."

Hardening of the supply chain requires an understanding of common threat actor tactics.

"We need to pay attention to the Chinese modus operandi, which is [to] island hop through other parties, whether it be cybersecurity vendors or whether it be through telecommunications carriers, and the fact that they're developing zero days faster than any other nation state, which still allows them to bypass a lot of cybersecurity defenses," Kellerman tells InformationWeek.

And zero-day exploitation is on the rise. Cybersecurity consulting company Mandiant, a part of Google Cloud, found that 70% of vulnerabilities exploited in 2023 were zero days, an increase compared to 2021 and 2022.

Hacks like the one at Treasury could prompt more focus on the supply chain and third-party reliance.

"Is it possible that this then results in more internalization, less reliance on third parties because of the difficulty of securing the supply chain?" Ghose asks. "That'll be an interesting development to watch."

The Treasury hack also comes just before the beginning of a second Trump administration, and President-elect Trump has been vocal about taking an aggressive approach to China.

"The timing is interesting just because we're about to have an administration change," Ghose points out. "So the Treasury leadership is going to be turning over soon. So, OFAC policy could look very different in, say, a couple of months from now."

The US response to nation state cyber threats, beyond OFAC, could change under a new administration.