Dec 30 (Reuters) - Chinese state-sponsored hackers broke

into the U.S. Treasury Department this month and stole documents

from its workstations, according to a letter to lawmakers that

was provided to Reuters on Monday.

The hackers compromised third-party cybersecurity service

provider BeyondTrust and were able to access unclassified

documents, the letter said, calling it a "major incident."

According to the letter, hackers "gained access to a key

used by the vendor to secure a cloud-based service used to

remotely provide technical support for Treasury Departmental

Offices (DO) end users. With access to the stolen key, the

threat actor was able to override the service's security,

remotely access certain Treasury DO user workstations, and

access certain unclassified documents maintained by those

users."

The Treasury Department said it was alerted to the breach by

BeyondTrust on Dec. 8 and that it was working with the U.S.

Cybersecurity and Infrastructure Security Agency and the FBI to

assess the hack's impact.

The FBI did not immediately respond to Reuters' requests for

comment, while CISA referred questions back to the Treasury

Department. A spokesperson for the Chinese Embassy in Washington

did not immediately respond to a request for comment. Beijing

routinely denies responsibility for cyberespionage incidents.

BeyondTrust did not immediately return messages seeking

comment, but on its website, the company said it had recently

identified a security incident that involved a limited number of

customers of its remote support software. The statement said a

digital key had been compromised in the incident and that an

investigation was under way.

Tom Hegel, a threat researcher at cybersecurity company

SentinelOne ( S ), said it appeared the security incident

described by BeyondTrust aligns closely with the reported hack

at Treasury, although he cautioned that the company itself would

need to confirm any connection.

"This incident fits a well-documented pattern of operations

by PRC-linked groups, with a particular focus on abusing trusted

third-party services - a method that has become increasingly

prominent in recent years," he said.