Chinese state-sponsored hackers breached the U.S. Treasury Department's computer security guardrails this month and stole documents in what Treasury called a "major incident," according to a letter to lawmakers, that Treasury officials provided to Reuters on Monday.

The hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents, the letter said.

According to the letter, hackers "gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users. With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users."

The Treasury Department said it was alerted to the breach by BeyondTrust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency and the FBI to assess the hack's impact.

Treasury officials didn't immediately respond to an email seeking further details about the hack. The FBI did not immediately respond to Reuters' requests for comment, while CISA referred questions back to the Treasury Department.

A spokesperson for the Chinese Embassy in Washington rejected any responsibility for the hack, saying that Beijing "firmly opposes the U.S.'s smear attacks against China without any factual basis."

A spokesperson for BeyondTrust, based in Johns Creek, Georgia, told Reuters in an email that the company "previously identified and took measures to address a security incident in early December 2024" involving its remote support product. BeyondTrust "notified the limited number of customers who were involved," and law enforcement was notified, the spokesperson said. "BeyondTrust has been supporting the investigative efforts."

The spokesperson referred to a statement posted on the company'swebsite, on Dec. 8 sharing some details from the investigation, including that a digital key had been compromised in the incident and that an investigation was under way. That statement was last updated Dec. on 18.

Tom Hegel, a threat researcher at cybersecurity company SentinelOne (S.N), said the reported security incident "fits a well-documented pattern of operations by PRC-linked groups, with a particular focus on abusing trusted third-party services - a method that has become increasingly prominent in recent years," he said, using an acronym for the People's Republic of China."

Iranian authorities have lifted a ban on Meta's instant messaging platform WhatsApp and Google Play as a first step to scale back internet restrictions, Iranian state media reported on Tuesday.

The Islamic Republic has some of the strictest controls on Internet access in the world, but its blocks on U.S.-based social media such as Facebook, Twitter and YouTube are routinely bypassed by tech-savvy Iranians using virtual private networks, Reuters reported.

"A positive majority vote has been reached to lift limitations on access to some popular foreign platforms such as WhatsApp and Google Play", Iran's official IRNA news agency said on Tuesday, referring to a meeting on the matter headed by President Masoud Pezeshkian.

"Today the first step in removing internet limitations... has been taken," IRNA cited Iran's Minister of Information and Communications Technology Sattar Hashemi as saying.

Social media platforms were widely used in anti-government protests in Iran.

President-elect Donald Trump indicated on Sunday that he favored allowing TikTok to keep operating in the United States for at least a little while, saying he had received billions of views on the social media platform during his presidential campaign, Reuters reported.

Trump's comments before a crowd of conservative supporters in Phoenix, Arizona, were one of the strongest signals yet that he opposes a potential exit of TikTok from the U.S. market.

The U.S. Senate passed a law in April requiring TikTok's Chinese parent company, ByteDance, to divest the app, citing national security concerns.

TikTok's owners have sought to have the law struck down, and the U.S. Supreme Court has agreed to hear the case. But if the court does not rule in ByteDance's favor and no divestment occurs, the app could be effectively banned in the United States on Jan. 19, one day before Trump takes office.

It is unclear how Trump would go about undoing the TikTok divestiture order, which passed overwhelmingly in the Senate, read the report.

"I think we're going to have to start thinking because, you know, we did go on TikTok, and we had a great response with billions of views, billions and billions of views," Trump told the crowd at AmericaFest, an annual gathering organized by conservative group Turning Point.

"They brought me a chart, and it was a record, and it was so beautiful to see, and as I looked at it, I said, 'Maybe we gotta keep this sucker around for a little while'," he said.

Trump met with TikTok's CEO on Monday. Trump said at a news conference the same day that he had a "warm spot" for TikTok thanks to his campaign's success on the app.

The Justice Department has argued that Chinese control of TikTok poses a continuing threat to national security, a position supported by most U.S. lawmakers, Reuters reported.

TikTok says the Justice Department has misstated the social media app's ties to China, arguing that its content recommendation engine and user data are stored in the United States on cloud servers operated by Oracle Corp (ORCL.N), opens new tab, while content moderation decisions that affect U.S. users are made in the United States.