China-linked attack on US Treasury Department reportedly targeted its sanctions office

Last updated: January 2, 2025 3:12 pm

By MT HANNACH

2 Min Read

Disclosure: This website may contain affiliate links, which means I may earn a commission if you click on the link and make a purchase. I only recommend products or services that I personally use and believe will add value to my readers. Your support is appreciated!

The US Treasury Department told lawmakers in a letter last December, according to which its documents and workstations had been accessed by an external party during a security breach. It described the attack as “a major cybersecurity incident” and attributed it to a “Chinese state-sponsored advanced persistent threat actor.” NOW, The Washington Post reported that bad actors infiltrated a “highly sensitive office” within the Treasury, responsible for deliberating and administering U.S. government sanctions.

As The post office As the Office of Foreign Assets Control (OFAC) explains, he has important information that could be very useful to the government of another country. Even if the hackers were only able to steal unclassified data, they could still have gotten their hands on the identities of potential sanctions targets. They also may have stolen evidence the agency had collected as part of its investigation into entities the government is considering sanctioning. Overall, the attackers could have obtained enough information to learn how the United States crafts sanctions against foreign entities.

In addition to OFAC, the Office of the Secretary of the Treasury and the Office of Financial Research were also affected by the breach. The attackers infiltrated Treasury systems by accessing a key used by BeyondTrust, a cloud-based service that provides technical support to the department.

Over the years, the U.S. government has attributed numerous cyberattacks against its U.S. agencies and companies to Chinese state-sponsored actors. Last year, the FBI blamed “PRC-affiliated actors” for a massive hack of US telecommunications companies. The actors, a group known as Salt Typhoon, allegedly targeted the mobile devices of diplomats, government officials and others linked to the two presidential campaigns. According to The post officeChinese officials called allegations that their country was involved in the attack on the Treasury Department “baseless” and insisted that their government “has always opposed all forms of attacks by hackers.”