China Hacked Treasury Dept. in ‘Major’ Breach, U.S. Says

The Biden administration said Monday that China’s intelligence agency hacked the U.S. Treasury Department, gaining access to government employees’ workstations and unclassified documents. This is the latest in a series of disgraceful surveillance operations against major American institutions.

It is unclear from the Treasury Department’s limited initial report on the episode what exactly the hackers were looking for. But senior officials with access to intelligence about the hack said it appeared to be entirely a spy operation and not part of other Chinese efforts to inject malicious computer code into utility networks and water systems that would give them the ability to shut down critical important American systems. infrastructure.

In a letter briefing lawmakers on the episode, the Treasury Department said it was notified by third-party software company BeyondTrust on Dec. 8 that a hacker had obtained a security key that allowed him to gain remote access to certain treasury institutions. workstations and documents on them.

“Based on available information, the incident was attributed to the activities of a state-sponsored Advanced Persistent Threat (APT) group,” the letter said. “Under Treasury policy, APT-related intrusions are considered a serious cybersecurity incident.”

Top Chinese officials have a deep interest in the Treasury Department, which oversees sensitive data on global financial systems as well as assessments of China’s own troubled economy. The department also imposes sanctions on Chinese firms, including, most recently, those that are helping Russia in its war against Ukraine.

Earlier this year, Chinese intelligence hacked email accounts used by Commerce Secretary Gina Raimondo as she made decisions on new export controls on advanced semiconductors and other key technologies in an attempt to slow their acquisition by Chinese firms. Similar efforts were made against facilities in the State Department.

But the administration’s admission to the Treasury Department comes at a particularly sensitive moment, as the Biden White House faces one of the most far-reaching and damaging hacks of American infrastructure in the cybersecurity era.

In recent months, a series Revelations have revealed how a sophisticated Chinese intelligence group called “Salt Typhoon” penetrated deeply into at least nine US telecommunications companies.

The hack exploited critical holes in the US telecommunications infrastructure, giving hackers access not only to text messages, but also to telephone conversations. Investigators said the targets included commercial, unencrypted phone lines used by President-elect Donald Trump, Vice President-elect J.D. Vance and senior national security officials, although it is unclear what, if any, conversations the hackers were able to obtain. track.

The Salt Typhoon hackers also obtained a nearly complete list of phone numbers that the Justice Department had been tapping to spy on people suspected of crimes or espionage, giving the Chinese government insight into which Chinese spies the United States had identified and which it had missed. The resulting breach has concerned counterintelligence officials who fear Beijing will know who is under suspicion and who is not.

The Treasury Department said it was working with the FBI, intelligence community and other investigators to determine the impact of the latest hack. The compromised service has been taken offline and there is no evidence that Chinese hackers still have access to Treasury information, the department said.

In a statement, a Treasury spokesman said the department takes threats against its systems and the data they store seriously, and that it will continue to work with the private sector and government agencies to protect the financial system from hacks.

The Treasury Department did not specify when exactly the episode occurred but said it would disclose more details in an upcoming report to Congress.

On Tuesday, Chinese Foreign Ministry spokeswoman Mao Ning called the U.S. accusations “baseless.” Ms Mao added that China opposes all forms of hacking and “we are even more opposed to the spread of false information against China for political purposes.”

Chinese officials have long denied any government involvement in the hacking and have opened dialogue with the United States to work together on cybersecurity. Earlier this month, Treasury officials traveled to China for a round of meetings of its economic and financial working groups, which cover cooperation on cybersecurity issues.

In response to the Salt Typhoon hack, the Commerce Department said this month that it ban several remaining China Telecom operationsone of the largest communications companies in the country, from the USA.

Alan Rappeport And Zixiu Wang provided reporting.