Chinese hackers have reportedly breached a key office within the US Treasury tasked with reviewing foreign investments and transactions that could threaten US national security.
CNN reports, citing US officials familiar with the incident, that the Chinese hackers targeted the Committee on Foreign Investment in the United States, or CFIUS, which can approve or deny deals that pose national security risks, such as mergers and acquisitions. of corporations or agreements involving sensitive US information.
Treasury officials confirmed to TechCrunch last week that it was investigating a “major cybersecurity incident” following a breach at one of its security vendors, BeyondTrust. Treasury said the hackers broke in using a stolen BeyondTrust key to remotely access employee workstations and documents on the department’s unclassified network. It was later revealed that Chinese hackers had also breached the department’s office of international financial sanctions, the Office of Foreign Assets Control, or OFAC.
The US cyber security agency CISA said this week that there was no indication that the hackers had accessed any other US government departments as part of the campaign.
Bloomberg reports that the hackers targeting the Treasury are known as Silk Typhoon (formerly called “Hafnium”), an active Chinese-backed hacking group known for conducting massive hacking operations aimed at stealing information.
The Treasury cyberattack is the latest in a string of incidents identified in recent months linked to the China-backed Typhoon family of hackers. These cyberattacks have included targeting the private communications of US government officials and planting destructive malware on critical US infrastructure to strike in the event of a future conflict between China and the United States.
The Chinese government has repeatedly denied the allegations.
