The US Treasury Department announced in a letter in December that it had been attributing it to an “Advanced Persistent Threat Actor sponsored by the State of China”. Now we know more about the hacker extension, .
The hacker group got into more than 400 laptops and desktop computers, many of which focused on “sanctions, international affairs and intelligence”. They also accessed employee usernames and passwords, in addition to more than 3,000 files on unclassified personal computers. These documents include travel data, organizational charts, sanction materials and foreign investment metrics.
An agency report indicates that the perpetrators probably stole much of this data, but were unable to enter classified systems or Treasury emails. Hackers have access to materials related to investigations conducted by the Committee on Foreign Investment. This committee examines the security implications surrounding real estate purchases and foreign investments in the United States.
The agency’s report also notes that there was no evidence to suggest that the hackers tried to hide in the Treasury’s systems for the purpose of long-term intelligence gathering, and they did not leave behind any malware.
Investigators attributed the intrusion to a well-known Chinese state-owned hacking group called Silk Typhoon, Halfnium or UNC5221. It has been suggested that they carried out the hack outside of normal working hours to avoid detection. Last month, a spokesman for the Chinese Ministry of Foreign Affairs called the accusation that the attack was sponsored by the state.
Counterintelligence officials are still in the middle of a “full damage assessment,” but Treasury officials are set to brief the Senate Banking, Housing and Financial Affairs Committee. Urban affairs on the matter this week.
https://s.yimg.com/os/creatr-uploaded-images/2025-01/4b96d9e0-d434-11ef-bfff-39671a214ab7
2025-01-16 18:24:00
