As we reported last week, Chinese hackers infiltrated the US Treasury Department and gained access to the workstations of several users. However, according to Bloomberg, the infiltration was more severe than initially reported, as the hackers managed to gain access to systems belonging to Secretary Janet Yellen and other senior officials.
The perpetrators reportedly gained access to files belonging to Secretary Janet Yellen and other high-level officials. More than 400 computers and more than 3,000 unclassified files were compromised, revealing sensitive information relating to sanctions, law enforcement and international affairs. The scale of compromised systems and files far exceeds initial reports.
As detailed in the Treasury report, the attackers gained access to “law enforcement sensitive” information, including materials related to investigations conducted by the Committee on Foreign Investment in the United States (CFIUS). The attack, attributed to a group linked to the Chinese government, did not breach classified systems but raised serious security concerns.
The report found that fewer than 50 files were accessed from the devices of Yellen, Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The attackers collected usernames, passwords and documents related to the Committee on Foreign Investment in the United States (CFIUS) from unclassified systems. While the breach targeted high-value information held by the Treasury Department, email systems and classified networks were not affected.
The hack has been linked to a hacking group known as Silk Typhoon (UNC5221). These hackers operated outside normal business hours to minimize the chance of discovery while exploiting vulnerabilities in BeyondTrust’s software.
The Treasury Department discovered the breach on December 8, after BeyondTrust reported its networks had been exploited. In response, the department alerted the Cybersecurity and Infrastructure Security Agency (CISA) and requested assistance from the FBI and other intelligence organizations. The ongoing investigation is intended to determine the full extent of the damage and prevent future incidents.
The breach is the latest in a series of cyberattacks attributed to Chinese actors targeting U.S. government agencies. Previous incidents included the hacking of email accounts belonging to Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns. China denies responsibility, calling the accusations baseless.