Chinese state-sponsored hackers, known as Silk Typhoon (Hafnium), have reportedly breached multiple offices within the U.S. Treasury Department, including the Committee on Foreign Investment in the United States (CFIUS) and the Office of Foreign Assets Control (OFAC), according to a CNN report citing U.S. officials.

The attackers are believed to have gained access to sensitive government systems using a stolen BeyondTrust Remote Support SaaS API key, enabling them to infiltrate unclassified networks. These breaches are suspected to have targeted intelligence on individuals and organizations in China who may be subjected to U.S. sanctions, underscoring a calculated cyberespionage effort.

CFIUS, a Treasury Department office, plays a critical role in reviewing foreign investments and real estate transactions for potential national security risks. Meanwhile, OFAC oversees the implementation of U.S. trade and economic sanctions.

The hackers also compromised the Office of Financial Research, though the extent of the damage from this particular breach remains under investigation.

U.S. Government Response

The Cybersecurity and Infrastructure Security Agency (CISA) has stated that the Treasury Department breach did not spread to other federal agencies. However, reports suggest the hackers accessed unclassified documents related to potential sanctions actions before their access was blocked.

A Bloomberg report on Wednesday confirmed the attackers’ focus on intelligence theft, linking the breach to Silk Typhoon, a Chinese hacking group notorious for cyberespionage campaigns targeting various sectors, including defense, healthcare, higher education, and think tanks.

