China-linked hackers accessed over 400 US Treasury computers, including Janet Yellen's<p>The US Treasury Department announced in a letter back in December that it had been the <a data-i13n="cpos:1;pos:1" href="
https://www.engadget.com/cybersecurity/the-us-treasury-department-says-it-was-hacked-in-a-china-linked-cyberattack-230114104.html">victim of a security breach[/url], attributing it to a “China state-sponsored Advanced Persistent Threat actor.” Now we know more about the extent of the hack, <a data-i13n="cpos:2;pos:1" href="
https://www.bloomberg.com/news/articles/2025-01-16/treasury-hackers-focused-on-sanctions-intelligence-report-says?sref=10lNAhZ9">thanks to reporting by
Bloomberg[/url].</p>
<p>The hacking group got into more than 400 laptop and desktop computers, many of which <a data-i13n="cpos:3;pos:1" href="
https://www.engadget.com/cybersecurity/china-linked-attack-on-us-treasury-department-reportedly-targeted-its-sanctions-office-150033082.html">were linked to senior leaders[/url] focused on “sanctions, international affairs and intelligence.” They also accessed employee usernames and passwords, in addition to more than 3,000 files on unclassified personal computers. These documents included travel data, organizational charts, sanction materials and foreign investment metrics.</p>
<span id="end-legacy-contents"></span><p>An agency report indicates that the perpetrators likely stole a whole lot of this data, but were unable to get into the Treasury’s classified or email systems. Subsequent reporting, also from <a data-i13n="cpos:4;pos:1" href="
https://www.bloomberg.com/news/articles/2025-01-16/chinese-hacked-us-treasury-secretary-yellen-s-computer-in-breach?sref=10lNAhZ9">
Bloomberg[/url], indicates around 50 classified files were stolen from the computer of Treasury Secretary Janet Yellen. The hackers also accessed materials regarding investigations run by the Committee on Foreign Investment. This committee reviews security implications surrounding real estate purchases and foreign investments in the US.</p>
<p>The agency report also notes that there wasn’t any evidence to suggest that the hackers tried to hide in the Treasury’s systems for the purpose of long-term intelligence gathering, and they didn’t leave behind any malware.</p>
<div id="f3817d33e1d246aaa8c94157345bb67f"><blockquote class="twitter-tweet"><p lang="en" dir="ltr">China reacts on ‘Treasury-Hack’
pic.twitter.com/7j7OaQ6eKD</p>— Willem Middelkoop (@wmiddelkoop)
January 2, 2025 </div>
<p>Investigators have attributed the intrusion to a notorious Chinese state-sponsored hacking group called Silk Typhoon, Halfnium or UNC5221. It has been suggested that they performed the hack outside of normal working hours to avoid detection. Last month, a spokesperson for the Chinese Foreign Ministry called the accusation that the attack was state-sponsored <a data-i13n="cpos:5;pos:1" href="
https://www.washingtonpost.com/national-security/2025/01/01/treasury-hack-china/">“unwarranted and groundless.
https://www.engadget.com/cybersecurity/china-linked-hackers-accessed-over-400-us-treasury-computers-182420268.html?src=rssSource:
China-linked hackers accessed over 400 US Treasury computers, including Janet Yellen's
