Chinese hackers have reportedly breached a key office within the U.S. Treasury tasked with reviewing foreign investments and transactions that could threaten U.S. national security.
CNN reports, citing U.S. officials familiar with the incident, that the Chinese hackers targeted the Committee on Foreign Investment in the United States, or CFIUS, which can approve or deny deals that present national security risks, such as corporate mergers and takeovers or deals that involve sensitive U.S. information.
Treasury officials confirmed to TechCrunch last week that the department was investigating a “major cybersecurity incident” following a breach at one of its security vendors, BeyondTrust. The Treasury said the hackers broke in using a stolen BeyondTrust key to remotely access employee workstations and documents on the department’s unclassified network. It was later revealed that the Chinese hackers had also breached the department’s office for international financial sanctions, the Office of Foreign Assets Control, or OFAC.
U.S. cybersecurity agency CISA said this week that there was no indication that the hackers had broken into any other U.S. government department as part of the campaign.
Bloomberg reports that the hackers targeting the Treasury are known as Silk Typhoon (previously called “Hafnium”), an active China-backed hacking group known to carry out mass hacking operations aimed at stealing information.
The cyberattack at the Treasury is the latest in a string of incidents identified in recent months and linked to the China-backed family of “Typhoon” hackers. These cyberattacks have included the targeting of private communications of U.S. government officials and the prepositioning of destructive malware in U.S. critical infrastructure to strike in the event of a future conflict between China and the United States.
The Chinese government has repeatedly denied the accusations.