Chinese Hackers Penetrated The US Treasury

Britain's Chancellor of the Exchequer, Rachel Reeves, will visit China this month in an attempt to improve ‘economic and financial cooperation’. It seems likely that the members of the Chinese government she will be very well informed, not least because of intelligence gathered by China’s prolific nation-state hackers.

Their latest high profile exploit was revealed last week when the US Treasury disclosed that it had fallen victim of what it called a ‘major cyber security incident’.

The Treasury has blamed  Chinese hackers, who successfully accessed individual employee work-station, enabling them to view documents. They also say that the documents accessed were unclassified, the infected user computers disconnected and no evidence found that the hacker remain the Treasury networks.

The hackers were detected by leading access management cyber security firm, BeyondTrust,  who have reported that the hackers gained access by stealing a security key, although they have not revealed how many Treasury employee computers were  were breached.

China official sources have denied any involvement, describing the Treasury Dept chargers  "baseless" and saying it "consistently opposes all forms of hacking". Coincidentally, the alleged Treasury hacking follows allegations made by the Chinese security agency CNCERT/ CC that US intelligence agencies had attacked two  Chinese technology firms to steal commercial sensitive information.

This latest high-profile exploit follows the hacking of major US telecommunications firms, enabling Chinese hackers to gain access to private texts and phone conversations of prominent political and business leaders, reportedly including President-elect Trump and his incoming vice-president J.D. Vance. The attack was blamed on a Chinese group known as Salt Typhoon. 

The US and Britain have previously accused China of a long-term hacking campaign targeting politicians, journalists and businesses, blaming China’s ministry of state security, its main spy agencies and hacking affiliates. Indeed, China is thought to have invested heavily in a network of private sector contractors as it has vastly expanded its cyber capabilities. 

Amongst recent British targets are the Electoral Commission, which had access to information on tens of millions of UK voters, and a company providing pay-roll services to the Ministry of Defence, which may have exposed personal information about British military personnel. 

The UK’s intelligence agencies have said that China is now their top priority,and Ken McCallum, Head of the MI5 domestic spy agency has describing Chinese espionage as ‘a sustained campaign on a pretty epic scale’.

Other damaging exploits undertaken by another Chinese hacking group known as Volt Typhoon. According  to Jen Easterly, Director of the US Cybersecurity and Infrastructure Agency (CISA). This group is focused on penetrating critical infrastructure for the purpose of sabotage. Their targets include naval ports, internet service providers, communications services and utilities like water, aviation and energy. Volt Typhoon has apparently maintained long-term access to systems for years, pre-positioning destructive malware which could be activated for future acts of sabotage in times of conflict. 

CISA said that while the main target was US infrastructure, the infiltration was likely to have affected America’s Five Eyes, Canada, Australia, New Zealand and the Britain. 

The timing of the Treasury Department hacking revelations could have significant geo-political consequences as as they come come to light just before Donald Trump’s second Presidential inauguration, and the start of a US  administration which is expected to take a tougher line on relations with China. This is in contrast to Rachek Reeves’ imminent visit to China, during which she will discuss the re-opening of a Joint Economic and Trade Commission, set up in 1996 to promote trade and investment between the two countries, but suspended in 2020 after China imposed a national security law on Hong Kong. 

Reeves will have had a briefing with the aim to improve ties with an increasingly hostile China, however,  government officials and business leaders visiting the country are advised to take disposable 'burner phones' and throwaway laptops, as no electronic device can be considered safe once it has been exposed to ubiquitous Chinese domestic surveillance.  

Forbes   |    Spectator   |    BBC   |   Reuters   |   AlJazeera   |    Guardian  |   Morning Star  |   

Image: Ideogram

You Might Also Read: 

FBI & CISA Advice - Use Encrypted Messaging:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Volkswagen Suffers A Massive Data Breach
How Small & Medium Businesses Can Safeguard Their Critical Assets Against Evolving Cyber Threats »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Encode

Encode

Encode delivers a cutting edge Security Analytics & Response Orchestration platform and best of breed Cyber Security Operations and Services.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

Anomali

Anomali

Anomali delivers intelligence-driven cybersecurity solutions to enhance threat visibility, automate threat processing and detection, and accelerate threat investigation, response, and remediation.

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

KOBIL

KOBIL

KOBIL is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Pentest People

Pentest People

Pentest People are a UK-based security consultancy focussing on bringing the benefits of Pentesting as a Service (PTaaS) to all its clients.

e-Careers

e-Careers

e-Careers is an edtech institution that provides industry recognised courses and up-skilling solutions to individuals and organisations.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

StrikeReady

StrikeReady

StrikeReady have developed CARA, an advanced technology solution that offers personalized and proactive assessment and remediation of future and current risk in real-time.

TransUnion

TransUnion

TransUnion is a global information and insights company that makes it possible for businesses and consumers to transact with confidence.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

Canary Technology Solutions (Canary IT)

Canary Technology Solutions (Canary IT)

A Cloud, Cyber Security, Retail Solutions and Managed IT Services provider for over 25 years, we safeguard and revolutionise business through technology and foresight.

Hanwha Systems

Hanwha Systems

Hanwha Systems is a global company based in South Korea providing defense electronics and smart ICT solutions.