Chinese hackers carried out a large-scale cyberattack on the US Treasury Department, gaining access to more than 400 employee computers, including those of management.
According to an internal Treasury Department report obtained by Bloomberg, the units dealing with sanctions policy, international relations, and intelligence activities were hit.
The attackers took over employee credentials and accessed more than 3000 files. The stolen materials included documentation on sanctions policy, foreign investment, organizational charts, travel documents, and confidential law enforcement data. However, according to preliminary estimates, the agency's classified systems and email were left intact.
The report, sent to Congress on January 15, reveals the unprecedented scale of what American officials classify as “intrusion by a foreign competitor” into a key agency responsible for managing the national debt, implementing sanctions policy, and shaping US economic policy.
The cyberattack was discovered on December 8, when BeyondTrust Corp., a software vendor, notified the Treasury Department that its networks had been compromised. The investigation linked the attack to Chinese hacking groups Silk Typhoon and UNC5221. The attackers operated methodically, focusing on gathering documentation and conducting operations during off-hours to avoid detection.
The hacking activity lasted from late September to mid-November of last year, affecting 419 computers. Particular attention was paid to the Office of Foreign Assets Control, the Office of International Affairs, and the Office of Intelligence and Analysis. Counterintelligence is currently conducting a comprehensive assessment of the damage caused.
Notably, investigators found no signs of malware or long-term intelligence gathering. Beijing has categorically denied any involvement in the cyberattack, calling the allegations “unfounded and baseless.”