Chinese state-sponsored hackers infiltrated the U.S. Treasury Department, compromising over 400 computers and targeting sensitive data related to sanctions, international affairs, and intelligence, according to a report reviewed by Bloomberg News. The breach, which occurred from late September through mid-November, saw hackers access employee usernames, passwords, and over 3,000 files on unclassified computers. The files included policy documents, travel records, organizational charts, and material related to sanctions and foreign investment, along with “Law Enforcement Sensitive” data.
However, the hackers did not penetrate the Treasury’s classified systems or email accounts, and there is no evidence they lingered for long-term intelligence-gathering purposes. The report, which was delivered to Congress, suggests that the intruders primarily focused on the computers of staff in the Office of Foreign Assets Control, the Office of International Affairs, and the Office of Intelligence and Analysis. They also targeted certain senior Treasury officials and obtained personal financial documents, including employees’ banking and insurance records.
The hackers, identified by cybersecurity professionals as Silk Typhoon and UNC5221, operated during off-hours to evade detection and primarily collected documents. Treasury officials acted swiftly, disconnecting systems linked to software contractor BeyondTrust Corp., which was initially breached in December. BeyondTrust, a Georgia-based company, holds significant government contracts, but its systems have remained offline since the breach was discovered. The Treasury has signaled its intent to explore other service providers for cybersecurity following the incident.
The breach was first reported by BeyondTrust on December 8 and immediately communicated to the Cybersecurity and Infrastructure Security Agency. Treasury has since worked with the FBI, intelligence agencies, and other response teams to address the issue. Despite Chinese officials’ repeated denials of involvement in state-sponsored cyberattacks, the U.S. government has attributed the breach to a Chinese hacking group.
In response to the breach, Treasury officials are preparing to brief members of the Senate Committee on Banking, Housing, and Urban Affairs. While investigations continue, counterintelligence officials are conducting a comprehensive damage assessment to understand the full scope of the breach. The Treasury Department has expressed concerns about the security of its contractors, particularly BeyondTrust, and is considering alternatives for future cybersecurity needs.