Chinese Hackers Breach Key U.S. Treasury Offices in Espionage Campaign
State-backed group Silk Typhoon accessed sensitive unclassified systems tied to foreign investment reviews and sanctions enforcement.
- Chinese hacking group Silk Typhoon, also known as Hafnium, breached U.S. Treasury offices, including the Committee on Foreign Investment in the United States (CFIUS) and the Office of Foreign Assets Control (OFAC).
- Hackers used a stolen BeyondTrust Remote Support API key to infiltrate unclassified Treasury systems, gaining access to documents and employee workstations.
- CFIUS, responsible for reviewing foreign investments for national security risks, and OFAC, which oversees sanctions enforcement, were specifically targeted for intelligence collection.
- The breach is part of a broader campaign of Chinese cyber-espionage, with Silk Typhoon previously linked to significant attacks on U.S. infrastructure and organizations.
- U.S. officials are investigating the national security implications of the stolen information, which could provide strategic insights to the Chinese government even though there is no evidence that classified data was accessed.