Chinese hackers infiltrated US Treasury Secretary's PC — attackers had access to over 400 PCs

As reported last week, Chinese hackers infiltrated the U.S. Department of Treasury and gained access to several users' workstations. However, according to Bloomberg, the infiltration was more severe than initially reported, as hackers managed to access systems belonging to Secretary Janet Yellen and other top officials.

The perpetrators reportedly accessed files belonging to Secretary Janet Yellen and other high-ranking officials. Over 400 computers and over 3,000 unclassified files were compromised, exposing sensitive information related to sanctions, law enforcement, and international affairs. The scale of compromised systems and files far exceeds initial reports.

As detailed in the Treasury report, the attackers gained access to "law enforcement sensitive" information, including materials related to investigations conducted by the Committee on Foreign Investment in the United States (CFIUS). The attack, attributed to a group linked to the Chinese government, did not breach classified systems but raised significant security concerns.

The report said that fewer than 50 files from Yellen's device were accessed, along with data from Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The attackers gathered usernames, passwords, and documents related to CFIUS from unclassified systems. While the breach targeted high-value information within the Treasury Department, email and classified networks remained unaffected.

The intrusion was linked to a hacking group known as Silk Typhoon (UNC5221). These hackers operated outside regular working hours to minimize detection and exploited vulnerabilities in BeyondTrust's software.

Treasury discovered the breach on December 8, after BeyondTrust reported the exploitation of its networks. In response, the department alerted the Cybersecurity and Infrastructure Security Agency (CISA) and called for assistance from the FBI and other intelligence organizations. The ongoing investigation aims to determine the full extent of the damage and prevent future incidents.

The breach is the latest in a series of cyberattacks attributed to Chinese actors targeting U.S. government entities. Previous incidents included compromising email accounts belonging to Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns. China has denied responsibility, calling the accusations baseless.

Anton Shilov
Contributing Writer

Anton Shilov is a contributing writer at Tom’s Hardware. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.

  • 3tank
    One of the hackers was shocked by what he discovered and was anonymously quoted saying: "ohhh....So fedewal weserve not so fedewal..."
  • Marco-
    WTF do they have toddlers looking after their cyber security?