Chinese Hackers Penetrated The US Treasury

Uploaded on 2025-01-01 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

Britain's Chancellor of the Exchequer, Rachel Reeves, will visit China this month in an attempt to improve ‘economic and financial cooperation’. It seems likely that the members of the Chinese government she will be very well informed, not least because of intelligence gathered by China’s prolific nation-state hackers.

Their latest high profile exploit was revealed last week when the US Treasury disclosed that it had fallen victim of what it called a ‘major cyber security incident’.

The Treasury has blamed  Chinese hackers, who successfully accessed individual employee work-station, enabling them to view documents. They also say that the documents accessed were unclassified, the infected user computers disconnected and no evidence found that the hacker remain the Treasury networks.

The hackers were detected by leading access management cyber security firm, BeyondTrust,  who have reported that the hackers gained access by stealing a security key, although they have not revealed how many Treasury employee computers were  were breached.

China official sources have denied any involvement, describing the Treasury Dept chargers  "baseless" and saying it "consistently opposes all forms of hacking". Coincidentally, the alleged Treasury hacking follows allegations made by the Chinese security agency CNCERT/ CC that US intelligence agencies had attacked two  Chinese technology firms to steal commercial sensitive information.

This latest high-profile exploit follows the hacking of major US telecommunications firms, enabling Chinese hackers to gain access to private texts and phone conversations of prominent political and business leaders, reportedly including President-elect Trump and his incoming vice-president J.D. Vance. The attack was blamed on a Chinese group known as Salt Typhoon. 

The US and Britain have previously accused China of a long-term hacking campaign targeting politicians, journalists and businesses, blaming China’s ministry of state security, its main spy agencies and hacking affiliates. Indeed, China is thought to have invested heavily in a network of private sector contractors as it has vastly expanded its cyber capabilities. 

Amongst recent British targets are the Electoral Commission, which had access to information on tens of millions of UK voters, and a company providing pay-roll services to the Ministry of Defence, which may have exposed personal information about British military personnel. 

The UK’s intelligence agencies have said that China is now their top priority,and Ken McCallum, Head of the MI5 domestic spy agency has describing Chinese espionage as ‘a sustained campaign on a pretty epic scale’.

Other damaging exploits undertaken by another Chinese hacking group known as Volt Typhoon. According  to Jen Easterly, Director of the US Cybersecurity and Infrastructure Agency (CISA). This group is focused on penetrating critical infrastructure for the purpose of sabotage. Their targets include naval ports, internet service providers, communications services and utilities like water, aviation and energy. Volt Typhoon has apparently maintained long-term access to systems for years, pre-positioning destructive malware which could be activated for future acts of sabotage in times of conflict. 

CISA said that while the main target was US infrastructure, the infiltration was likely to have affected America’s Five Eyes, Canada, Australia, New Zealand and the Britain. 

The timing of the Treasury Department hacking revelations could have significant geo-political consequences as as they come come to light just before Donald Trump’s second Presidential inauguration, and the start of a US  administration which is expected to take a tougher line on relations with China. This is in contrast to Rachek Reeves’ imminent visit to China, during which she will discuss the re-opening of a Joint Economic and Trade Commission, set up in 1996 to promote trade and investment between the two countries, but suspended in 2020 after China imposed a national security law on Hong Kong. 

Reeves will have had a briefing with the aim to improve ties with an increasingly hostile China, however,  government officials and business leaders visiting the country are advised to take disposable 'burner phones' and throwaway laptops, as no electronic device can be considered safe once it has been exposed to ubiquitous Chinese domestic surveillance.  

Forbes   |    Spectator   |    BBC   |   Reuters   |   AlJazeera   |    Guardian  |   Morning Star  |   

Image: Ideogram

You Might Also Read: 

FBI & CISA Advice - Use Encrypted Messaging:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Volkswagen Suffers A Massive Data Breach
How Small & Medium Businesses Can Safeguard Their Critical Assets Against Evolving Cyber Threats »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

Korea Internet & Security Agency (KISA)

Korea Internet & Security Agency (KISA)

KISA is committed to improving the competitiveness, reliability and security of Internet information and knowledge in Korea.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Cologix

Cologix

Cologix provides reliable, secure, scalable data center and interconnection solutions from 24 prime interconnection locations across 9 strategic North American edge markets.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

DataDome

DataDome

DataDome offers real-time AI protection against all OWASP automated threats, including credential stuffing, layer 7 DDoS attacks, SQL injection & intensive scraping.

Eclypsium

Eclypsium

Eclypsium protects organizations from the foundation of their computing infrastructure upward, controlling the risk and stopping threats inside firmware of laptops, servers, and networks.

IdentityIQ

IdentityIQ

IdentityIQ is a US-based identity theft and credit protection company designed to help users stay on top identity thieves and data breaches.

SIRP Labs

SIRP Labs

SIRP is a Risk-based Security Orchestration, Automation and Response (SOAR) platform that fuses essential cybersecurity information to enable a unified cyber response.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Krista Software

Krista Software

Krista is an intelligent automation platform that combines iPaaS and Conversational AI to automate complete business processes across your teams and apps.

Antigen Security

Antigen Security

Antigen Security is a Digital Forensics, Incident Response and Recovery Engineering firm helping businesses and service providers prepare for, respond to, and recover from cyber threats.

Valeo Networks

Valeo Networks

Valeo Networks is a full-service Managed Security Service Provider (MSSP). We partner with organizations to remove the burden of technology so that they can focus on growing their business.

CyberForce Global

CyberForce Global

CyberForce Global are at the forefront of start-up technology recruitment in areas including cybersecurity, IT infrastructure, software, fintech, blockchain and more.