The U.S. Treasury reported unauthorized access to its systems in a major cybersecurity breach, with officials attributing the intrusion to hackers linked to the Chinese government. Attackers apparently gained access to employees’ workstations and non-confidential documents, amounting to what the department calls a “serious incident.”
According to a BBC report, cyberattacks targeted high-profile individuals, including President-elect Donald Trump and Vice President-elect J.D. Vance, while also breaching a law enforcement wiretapping database, potentially exposing surveillance by foreign spies. The report also noted that the data of millions of Americans may have been compromised in attacks on telecommunications companies.
This breach is the latest in a series of cyberattacks targeting U.S. entities, including large telecommunications companies and government agencies. According to statements by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), both major U.S. presidential campaigns were targeted by entities linked to the People’s Republic of China in late October. Additionally, September saw reports of breaches at leading telecommunications companies, at least nine in all, including AT&T and Verizon.
Earlier this year, in March, seven Chinese nationals were charged with running a hacking operation spanning at least 14 years that targeted foreign critics of China, businesses and politicians. These operations also spread to other targets in the West, including the UK Electoral Commission and the UK and New Zealand parliaments.
The hacking groups involved are identified by various codenames assigned by security companies. The group behind the telecommunications hack is commonly known as “Salt Typhoon,” as Microsoft researchers called it; other companies call it “Famous Sparrow”, “Ghost Emperor”, and “Earth Estrie”. Another group, “Volt Typhoon,” was accused of infiltrating critical infrastructure organizations with the potential intent of conducting disruption attacks. According to the UK’s National Cyber Security Centre, the seven Chinese nationals previously indicted were linked by US Department of Justice officials to an operation known as “Zircon” or “Panda Judgment”, which also targeted the emails of British MPs in 2021.
Just two weeks ago, the U.S. government launched a national security investigation into TP-Link, a leading Chinese router maker whose devices account for about 65% of the U.S. home and small business router market. The investigation stemmed from concerns that TP-Link routers had been used in cyberattacks linked to Chinese state-backed entities, targeting both the public and private sectors, including Department of Defense contractors.
The Chinese government has consistently denied involvement in these cyberattacks. However, the frequency and scope of these incidents have increased tensions between China and Western countries, prompting calls for enhanced cybersecurity measures and international cooperation to address the growing threat of state-sponsored cyber espionage. As investigations continue, U.S. officials are assessing the full scope of the breaches and implementing measures to enhance the security of critical infrastructure and government systems.