A cyberespionage campaign targeting the Department of the Treasury has reportedly reached a U.S. government office responsible for reviewing foreign investments for national security threats. Chinese hackers breached the Committee on Foreign Investment in the U.S. (CFIUS), a multi-agency panel chaired by the treasury secretary that evaluates national security concerns related to foreign investments in the U.S. economy. This intrusion into CFIUS raises concerns about potential threats to national security posed by foreign entities.
The hackers also allegedly penetrated the Office of Foreign Assets Control, another Treasury office tasked with enforcing sanctions. This breach underscores the vulnerability of government agencies to sophisticated cyber attacks and raises questions about the effectiveness of cybersecurity measures in place to protect sensitive information.
According to CNN, the hackers behind the Treasury hacks are identified as Silk Typhoon, a Beijing-based nation-state group known for its cyber offensive capabilities. In 2021, this same group exploited four zero-day vulnerabilities to compromise on-premises versions of Microsoft Exchange Server. The United States and its allies have previously condemned such cyber attacks as part of a broader pattern of destabilizing behavior in cyberspace attributed to the Chinese government.
Following the disclosure of the Treasury breach, the Cybersecurity and Infrastructure Security Agency (CISA) stated that the intrusion has not extended to other federal agencies. The hackers reportedly exploited vulnerabilities in cloud-based support services provided by third-party contractor BeyondTrust to gain access to Treasury networks. BeyondTrust has since patched all identified vulnerabilities in its remote support services to prevent future breaches.
In response to the hack, the Biden administration imposed sanctions on Integrity Technology Group, a Beijing-based company allegedly supporting a Chinese state hacking group known as Flax Typhoon. This move demonstrates the U.S. government’s commitment to holding accountable those who facilitate malicious cyber activities that threaten national security and economic stability.
The Treasury hacking incident is part of a broader trend of Chinese cyber attacks targeting U.S. critical infrastructure, telecommunications firms, and federal networks. Experts warn that Beijing is actively preparing for potential conflicts with the U.S., including the possibility of a military confrontation over issues such as Taiwan. As geopolitical tensions rise between the two nations, the cybersecurity threat posed by Chinese state-sponsored hackers continues to evolve, posing significant challenges to U.S. national security and economic interests.