Chinese state-sponsored hackers, once again, infiltrated US Treasury systems. This time, they accessed computers belonging to Treasury Secretary Janet Yellen and her deputies, according to a report.
Rising Cybersecurity Threats
Notably, this breach comes amid heightened cybersecurity concerns in the US. The recent ‘Salt Typhoon’ cyberattack, for instance, compromised telecommunication services. It reportedly exposed sensitive data from Vice President Kamala Harris and President-elect Donald Trump.
Scope of the Hack
In the latest incident, hackers breached nearly 400 computers within the Treasury Department. Specifically, they targeted systems used by Yellen, Deputy Secretary Wally Adeyemo, and Acting Under Secretary Brad Smith. By exploiting a vulnerability in BeyondTrust’s software, they gained unauthorized access to remote systems.
Sensitive Data Exposed
As a result, hackers accessed up to 50 files on Yellen’s computer. Moreover, they stole over 3,000 unclassified files department-wide. Additionally, they obtained employee usernames, passwords, and law enforcement-sensitive data.
Focus on Treasury’s Roles
Interestingly, the hackers seemed focused on the Treasury’s work in sanctions, intelligence, and international affairs. However, they did not breach classified systems or email accounts. Investigators, therefore, attributed the attack to Silk Typhoon and UNC5221, two Chinese state-sponsored groups.
Treasury’s Swift Response
After BeyondTrust reported the breach on December 8, the Treasury immediately informed the Cybersecurity and Infrastructure Security Agency (CISA). Furthermore, they involved the FBI to address the incident.
Similar Past Attacks
This is not the first time Chinese hackers have exploited vulnerabilities in third-party systems. For example, in 2023, they breached devices belonging to Commerce Secretary Gina Raimondo and other officials. According to Microsoft, the attackers exploited flaws in digital keys and software code to steal emails from US government agencies.
Ongoing Concerns
Therefore, this latest breach underscores the growing risk of state-sponsored cyberattacks. It also highlights the urgent need for stronger cybersecurity measures to protect critical government data from future threats.