US Treasury Secretary Janet Yellen’s computer was hacked in a broader cyberattack on the Treasury Department by Chinese state-sponsored hackers, Bloomberg News reported on Thursday, citing two people familiar with the matter.
Senior Treasury officials also affected
The breach also affected the computers of Yellen’s senior aides, Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. Fewer than 50 files on Yellen’s device were accessed during the attack, which took place in December.
Hackers exploit vulnerabilities in third-party cybersecurity provider BeyondTrust
The hackers gained access by exploiting vulnerabilities in third-party cybersecurity provider BeyondTrust, according to Treasury officials. The Treasury Department has referred to the incident as a “major breach”, as per the report.
China denies involvement in Treasury hack
China’s foreign ministry spokesperson, Mao Ning, denied involvement, stating, “China has always opposed all forms of hacker attacks.”
Hackers focus on sanctions, intelligence
According to a Treasury report reviewed by Bloomberg News, the hackers targeted Treasury’s role in sanctions, intelligence, and international affairs. Despite gaining access to several key systems, the hackers did not penetrate the department’s email servers or classified networks. The breach, which took place in December, was enabled through vulnerabilities in third-party cybersecurity service provider BeyondTrust, the Treasury Department confirmed.
Access to sensitive information: Hackers compromise over 400 computers and 3,000 files
The attackers were able to infiltrate over 400 Treasury computers, accessing employee usernames and passwords and more than 3,000 files on unclassified devices, according to the news report. Among the compromised materials were “law enforcement sensitive” documents and information pertaining to investigations managed by the Committee on Foreign Investment in the US, which reviews foreign investments for national security concerns.
Law enforcement data leaked: Sensitive investigations exposed
According to the report, software contractor BeyondTrust Corp informed the Treasury Department of the breach on December 8, leading to an alert from Treasury to the Cybersecurity and Infrastructure Security Agency (CISA), as well as outreach to the FBI and other intelligence agencies for support.
Cyberattack attributed to Chinese state-sponsored group Silk Typhoon (UNC5221)
Investigators have attributed the cyberattack to a Chinese state-backed group identified as Silk Typhoon, or UNC5221, according to the report. The hackers are said to have focused on collecting documents and operated primarily outside of normal working hours to evade detection.
China rejects US allegations
Chinese officials have consistently denied US allegations of state-sponsored cyberattacks, with a Foreign Ministry spokesperson dismissing the claims surrounding the Treasury breach as “unwarranted and groundless.”