US Treasury breach: In a major cybersecurity incident, Chinese hackers reportedly infiltrated the computer of US Treasury Secretary Janet Yellen and accessed at least 50 files. According to a Bloomberg report, the breach occurred in December and also impacted systems belonging to Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The hackers are believed to have accessed sensitive information related to the Treasury Department’s operations, intelligence, and international affairs, the report stated.
The hackers reportedly targeted over 400 personal computers and devices within the Treasury Department, gaining access to more than 3,000 files. Among the stolen data were documents connected to the Committee on Foreign Investment in the United States (CFIUS), which reviews the national security implications of foreign investments.
Vulnerability in third-party software exploited
The breach exploited a vulnerability in software from BeyondTrust Corporation — a third-party cybersecurity service provider. This flaw was identified and reported by the company on December 8. Following the incident, the Treasury Department informed the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other intelligence agencies. Treasury officials briefed Congress members and staff this week about the breach’s scope and implications.
Meanwhile, investigations by US agencies have linked the hackers to the Chinese government, revealing that the operation prioritised data collection and occurred after business hours to evade detection. The US Treasury Department described the breach as a serious incident and outlined the harm caused to its computer security.
In response, Chinese Foreign Ministry spokesperson Mao Ning denied the allegations, stating that China opposes all forms of cyberattacks. However, the incident has raised significant concerns about the vulnerabilities in crucial US systems and the growing sophistication of state-backed cyber operations.
A similar US treasury breach
Earlier in December last year, the US treasury said Chinese hackers remotely accessed several workstations and unclassified documents of the department after compromising a third-party software service provider. The department did not provide details on how many workstations had been accessed or what sort of documents the hackers may have obtained, but it said in a letter to lawmakers revealing the breach that “at this time there is no evidence indicating the threat actor has continued access to Treasury information.
ALSO READ: Chinese cyberattack on US Treasury: Workstations breached, key documents exposed
