Chinese hackers breach US Treasury systems, steal sensitive data
What's the story
In a major cybersecurity breach, Chinese state-sponsored hackers have managed to break into the US Department of Treasury's systems.
The intrusion compromised several high-ranking officials including Treasury Secretary Janet Yellen, Deputy Secretary Wally Adeyemo, and Acting Under Secretary Brad Smith.
The incident is the latest in a series of cyberattacks by Chinese hackers on US agencies as well as top officials, including Vice President Kamala Harris and President-elect Donald Trump.
Breach details
Hackers exploit 3rd-party software vulnerability
Bloomberg News reported that some 400 computers in the department were compromised in this latest attack.
The hackers exploited a vulnerability in BeyondTrust's software, a third-party provider the department uses for remote system access.
It is estimated that up to 50 files on Yellen's computer were accessed by the hackers during this breach.
Targeted data
Hackers' focus and information accessed
The hackers appeared particularly keen on the Treasury's role in sanctions, intelligence, and international affairs.
However, they failed to compromise the department's email or classified systems.
The breach led to unauthorized access to employee usernames, passwords, and over 3,000 files on unclassified personal devices.
Meanwhile, "law enforcement sensitive" data related to investigations by the Committee on Foreign Investment in the US were also compromised.
Action taken
Response and previous incidents
After BeyondTrust revealed the breach on December 8, the Treasury notified the Cybersecurity and Infrastructure Security Agency (CISA) and involved the Federal Bureau of Investigation (FBI).
Notably, this isn't the first instance of Chinese hackers using third-party system vulnerabilities to access devices of senior US officials.
In 2023, similar breaches affected Commerce Secretary Gina Raimondo, Assistant Secretary of State for East Asia Daniel Kritenbrink, and US envoy to China Nicholas Burns.