Chinese Hackers Breach U.S. Treasury in Major Cybersecurity Incident
In a frightening trend for U.S. national security, the U.S. Treasury Department revealed a “major” state-sponsored hacking incident by China. The hack, which took place earlier this month, gave the Chinese hackers remote control of several Treasury Department workstations as well as access to unclassified documents.
The intrusion was made possible by the compromise of a third-party cybersecurity service provider, BeyondTrust. That compromise allowed the attackers to evade the Treasury's computer security guardrails, which shows the danger that third-party vendors can pose in cybersecurity environments.
Treasury Deputy Secretary Wally Adeyemo described the incident in a letter to some members of Congress, writing, “Upon learning of this incident, Treasury took swift action to respond to and investigate the incident, including taking steps to mitigate the effect to Treasury systems and data.”
The scope of the breach is still under investigation, but the attackers are said to have accessed employee workstations and some unclassified files. The Treasury Department has confirmed that no classified systems were affected in this breach.
This is part of a larger pattern of Chinese cyber activity against U.S. institutions. A distinct but concurrent campaign is that of a Chinese hacking group called Salt Typhoon, which has been actively attempting to penetrate telecommunications networks globally, including in the United States. The group used vulnerabilities in Cisco routers to penetrate at least five other telecom networks during December and January.
Cybersecurity experts have also voiced concern about these attacks. John Hultquist, chief analyst at Google’s Mandiant Intelligence, said, “For years, Chinese cyber espionage actors have strategically targeted the telecommunications sector to facilitate their wider regional espionage efforts.”
The U.S. government has also been firm on this matter. A Treasury spokesperson said, “Treasury has taken swift action to respond to this incident and mitigate any potential compromises.”
But China has firmly rejected these allegations. Chinese Foreign Ministry spokesperson Wang Wenbin refuted the charges, stating, “We firmly oppose and crack down on all forms of hacking attacks. We will never encourage, support or condone cyber attacks.”
With U.S.-China tensions over cybersecurity still high, this event is a harsh reminder of the ongoing threat in cyberspace. It underscores the importance of staying on guard and maintaining good cybersecurity measures, particularly for critical government agencies.
The Treasury Department noted that it was cooperating closely with federal agencies and cybersecurity partners to contain the breach and deter subsequent breaches. Investigations are still unfolding and the overall scale of this cyber infiltration is yet to be known, but cybersecurity will certainly remain one of the leading issues in U.S.-China relations for a while to come.
The following is an overview of other such Chinese hacking incidents against the United States:
- U.S. Telecommunications Companies Breach: Chinese hackers, in this case a hacking group named Salt Typhoon, breached a number of U.S. telecommunications companies. They took advantage of vulnerabilities in Cisco routers to gain entry into these networks.
- Federal Court Data Breach: Intelligence reports attest that Chinese cyberattacks likely compromised US broadband companies and breached federal court data.
- U.S. Government Agencies: State-sponsored Chinese hackers were suspected of infiltrating security at key U.S. government facilities, including but not limited to the Treasury Department.
- Penetration into Critical Infrastructure: The CCP strategically penetrated American critical infrastructure by conducting various kinds of cyberattacks.
- Telecommunications Industry Cyber Espionage Activities: Chinese cyber espionage actors have been focusing on the telecommunications sector for years as part of their overall regional cyber espionage operations.
- Trade Secret Theft Attempts: Although not an established incident, China accused the U.S. of launching cyberattacks against two Chinese technology companies in an attempt to steal trade secrets, echoing the increased cyber tensions between the two countries.
- U.S. Network Botnet Attacks: The Cyber National Mission Force, the National Security Agency, and the FBI jointly published an advisory about China-linked cyber actors employing botnets to assault U.S. networks.
These events reflect a trend of repeated and sophisticated cyber attacks that have been attributed to China and aimed at U.S. infrastructure sectors as well as government institutions. Note that although both U.S. officials and cyber experts have attributed the events to China, China has remained adamant in denying participation in them.
So the CIA hacked the Fed ponzi using Chinese hackers' computers.
The U.S. Treasury Department revealed on Monday that Chinese hackers had gained access to unclassified documents on multiple of its workstations. The compromise of BeyondTrust, a third-party software service provider, preceded this breach.
https://theaegisalliance.com/2024/12/30/chinese-hackers-remotely-accessed-workstations-and-documents-in-a-major-cyber-incident-u-s-treasury-says/