China Hacked US Treasury's CFIUS - National Security Breach

Reported Chinese Hack of U.S. Treasury Department
It has been reported that Chinese hackers have successfully infiltrated a critical division of the U.S. Treasury Department. This office is responsible for the examination of foreign investments and financial dealings that potentially pose a threat to U.S. national security interests.
Breach of the Committee on Foreign Investment in the United States
According to CNN, citing sources within the U.S. government who are knowledgeable about the situation, the Committee on Foreign Investment in the United States (CFIUS) was the specific target. CFIUS possesses the authority to either authorize or reject transactions that could create national security vulnerabilities.
These transactions include, but are not limited to, corporate acquisitions, mergers, and agreements involving sensitive U.S. data.
Initial Response and Investigation
A spokesperson for the Treasury Department has not yet responded to requests for an official statement regarding this incident.
Last week, Treasury officials acknowledged to TechCrunch that a “major cybersecurity incident” was under investigation. This followed a security breach experienced by one of its vendors, BeyondTrust.
Exploitation of Vendor Vulnerability
The Treasury Department confirmed that the attackers gained access by using a compromised key belonging to BeyondTrust. The key allowed remote access to employee workstations and documents residing on the department’s unclassified network.
Subsequent investigations revealed that the same Chinese hacking group had also compromised the Office of Foreign Assets Control (OFAC), the department responsible for international financial sanctions.
Limited Scope of the Breach
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) stated this week that, currently, there is no evidence to suggest that any other U.S. government departments were affected by this hacking campaign.
Attribution to Silk Typhoon
Bloomberg reports that the hacking group responsible for targeting the Treasury Department is identified as Silk Typhoon, formerly known as “Hafnium”.
This group is known to be backed by the Chinese government and is recognized for conducting large-scale hacking operations with the primary goal of information theft.
Broader Pattern of Cyberattacks
The cyberattack on the Treasury represents the most recent in a series of incidents detected in recent months. These incidents are linked to the “Typhoon” hacking family originating from China.
These attacks have encompassed the targeting of private communications belonging to U.S. government personnel and the pre-positioning of destructive malware within U.S. critical infrastructure.
Such malware could be deployed in the event of a potential conflict between China and the United States.
Chinese Government Denial
The Chinese government has consistently refuted accusations of involvement in these cyberattacks.
