By Raphael Satter and AJ Vicens

WASHINGTON (Reuters) -Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what Treasury called a “major incident,” according to a letter to lawmakers that Treasury officials provided to Reuters on Monday.

The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.

According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”

“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.

The Treasury Department said it was alerted to the breach by BeyondTrust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack’s impact.

Treasury officials didn’t immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters’ requests for comment, while CISA referred questions back to the Treasury Department.

“China has always opposed all forms of hacker attacks,” Mao Ning, a spokesperson for China’s foreign ministry, told a regular news conference on Tuesday.

A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing “firmly opposes the U.S.’s smear attacks against China without any factual basis.”

A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told Reuters in an email that the company “previously identified and took measures to address a security incident in early December 2024” involving its remote support product. BeyondTrust “notified the limited number of customers who were involved,” and law enforcement was notified, the spokesperson said. “BeyondTrust has been supporting the investigative efforts.”

The spokesperson referred to a statement posted on the company’s website on Dec. 8 sharing some details from the investigation, including that a digital key had been compromised in the incident and that an investigation was under way. That statement was last updated on Dec. 18.

Tom Hegel, a threat researcher at cybersecurity company SentinelOne, said the reported security incident “fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services – a method that has become increasingly prominent in recent years,” he said, using an acronym for the People’s Republic of China.”

(Reporting by Raphael Satter in Washington, AJ Vicens in Detroit and Akash Sriram in Bengaluru; Additional reporting by Liz Lee in Beijing; Editing by Shinjini Ganguli, Tasim Zahid, Alistair Bell, Rod Nickel, Leslie Adler and Sonali Paul)

• A driver ran down two New Zealand police officers on patrol in the early hours of New Year’s Day, killing one and seriously injuring the other, the country’s police chief said.
• The driver drove into the officers “at speed” before turning and ramming a police car.
• A 32-year-old man was arrested over the incident shortly after it happened.

A driver ran down two New Zealand police officers as they patrolled on foot in the early hours of New Year’s Day, killing one and seriously injuring the other, the country’s police chief said.

The attack jolted a country where the killing of police officers on duty is rare. Senior Sergeant Lyn Fleming was the first female officer in New Zealand’s history killed by a criminal act while at work, police said Thursday.

In Wednesday’s attack, the vehicle drove into the officers “at speed” as they performed a routine patrol of a parking lot, before the driver turned and rammed a police car, Police Commissioner Richard Chambers told reporters in the South Island city of Nelson. Fleming died in a local hospital hours later.

BOURBON STREET ATTACK ON NEW YEAR’S REVELERS JUST THE LATEST CASE OF TERRORISTS USING TRUCKS TO KILL

A 32-year-old man was arrested over the incident shortly after it happened, at about 2 a.m. local time. He was charged with eight criminal counts, including murder, attempted murder, assault using a vehicle as a weapon and driving while disqualified.

The other officer struck by the car was in serious condition but was expected to make a full recovery, Chambers said. A third officer who was in the rammed police car received a concussion and two members of the public were hurt, one of them after coming to help the injured officers.

Chambers condemned the “senseless act of an individual who appears to have been determined to cause harm,” although he did not suggest a motive.

“There was, at this stage, no indication that was what about to occur, occurred,” Chambers said.

Police Minister Mark Mitchell told reporters the officers were “targeted in what I consider a very cowardly attack.” It was a “devastating day” for police and for the country, Prime Minister Christopher Luxon wrote on X.

The attack happened in a downtown area of Nelson — population 55,000 — close to the street where the city’s New Year’s Eve celebrations had concluded two hours before.

Before Wednesday, the last killing of a police officer on duty in New Zealand was in 2020, when an officer was shot by a fleeing driver. 33 other officers have died through criminal acts while on duty since 1890, according to police records.

Fleming had been an officer for 38 years and was a long-serving netball coach at a local girls’ high school.

“She’s a mother, she’s a wife and she’s a well-known and highly respected member of the Nelson community,” Chambers said.

The man charged is due to appear in court on Friday. A murder conviction in New Zealand draws an automatic sentence of life in prison, with the presiding judge setting a non-parole period of at least 10 years.

US technology billionaire says Tommy Robinson, who is serving in 18-month prison sentence, ‘should be freed’.

Elon Musk has called for the jailed British far-right activist Tommy Robinson to be released and criticised UK Prime Minister Sir Kier Starmer for his response to grooming scandals when he served as the country’s chief prosecutor more than a decade ago.

In a flurry of posts on social media on Thursday, the US technology billionaire said that Robinson, who founded the far-right English Defence League and whose real name is Stephen Yaxley-Lennon, “should be freed”.

“Why is Tommy Robinson in a solitary confinement prison for telling the truth?” Musk wrote on X, the social media platform he owns, on Thursday.

“He should be freed and those who covered up this travesty should take his place in that cell,” he wrote.

Robinson, a one-time football hooligan with a string of UK criminal convictions, is serving an 18-month jail term after he admitted contempt of court in a long-running libel case involving a Syrian refugee.

Musk also posted several messages about the grooming scandals which took place over decades in a number of English towns and cities including Rochdale, Rotherham and Oldham until they were uncovered more than a decade ago.

Musk shared various other accounts’ claims around the scandals and criticised Starmer’s response to the scandal.

“In the UK, serious crimes such as rape require the Crown Prosecution Service’s approval for the police to charge suspects. Who was the head of the CPS when rape gangs were allowed to exploit young girls without facing justice? Keir Starmer, 2008-2013,” he posted, criticising the current British prime minister.

Starmer was the head of the CPS in that period and he began a prosecution of a grooming gang in Rochdale during his final year in the role, shortly after the scandal emerged. None of the probes into the scandals singled Starmer out for blame or found that he tried to block prosecutions.

In 2012, Starmer blamed the justice system’s flawed approach to sexual exploitation and ordered a comprehensive restructuring of the CPS’s responses to it.

Musk’s tweets on Robinson have garnered support from far-right figures, including Dutch politician Geert Wilders, as well as some right-wing YouTube channels who also called for his release.

The US tech billionaire’s latest intervention in UK politics comes after his recent declaration of support for Germany’s far-right AfD party, where he claimed that AfD is the only party which can “save” Germany as the country heads towards snap elections next month.

The German government has accused him of interfering in the vote.

Musk has also openly backed other far-right figures in Europe including Nigel Farage of the UK’s Reform party and Italy’s right-wing Prime Minister Giorgia Meloni.

Musk was also a prominent funder and supporter of US President-elect Donald Trump’s campaign. Last month, Trump refuted claims that he had “ceded the presidency” to Musk.