Chinese hackers have reportedly breached a key office in the US Treasury Department tasked with reviewing foreign investments and transactions that could threaten US national security.
reports CNNciting US officials familiar with the incident, that the Chinese hackers targeted the Committee on Foreign Investment in the United States, or CFIUS, which can approve or deny deals that pose national security risks, such as mergers and acquisitions of companies or deals involving sensitive information for the USA.
A Treasury spokesman did not return a request for comment.
Treasury officials confirmed to TechCrunch last week that it was investigating a “major cyber security incident” following a breach at one of its security vendors, BeyondTrust. The Treasury Department said the hackers broke in using a stolen BeyondTrust key to gain remote access to employee workstations and documents on the department’s unclassified network. It was later revealed that Chinese hackers had also breached the department’s office for international financial sanctions, the Office of Foreign Assets Control, or OFAC.
The US cyber security agency CISA said this week that there was no indication that the hackers had broken into any other US government departments as part of the campaign.
Bloomberg reports that the hackers targeting the Treasury Department are known as Silk Typhoon (previously called “Hafnium”), an active Chinese-backed hacking group known for conducting mass hacking operations aimed at stealing information.
The cyberattack on the Treasury Department is the latest in a series of incidents identified in recent months linked to the Chinese-backed “Typhoon” hacking family. These cyberattacks include targeting private communications of US government officials and placing destructive malware on critical US infrastructure to strike in the event of a future conflict between China and the United States.
The Chinese government has repeatedly denied the accusations.
