The US Treasury Department announced in a letter dating back to December that it was This was attributed to a “Chinese state-sponsored advanced persistent threat actor.” Now we know more about the extent of the penetration.
The hacking group gained access to more than 400 laptops and desktop computers, many of them It focused on “sanctions, international affairs and intelligence.” They also gained access to employee usernames and passwords, as well as more than 3,000 files on unclassified personal computers. These documents included travel data, regulatory charts, sanctions articles, and foreign investment metrics.
The agency’s report notes that the perpetrators likely stole a large trove of this data, but were unable to access the Treasury Department’s confidential email or email systems. The hackers gained access to materials related to the investigations conducted by CFIUS. This committee reviews the security implications surrounding purchases of real estate and foreign investments in the United States.
The agency’s report also notes that there is no evidence to suggest that the hackers attempted to hide in Treasury systems for the purpose of gathering long-term intelligence, nor did they leave behind any malware.
Investigators attributed the hack to a notorious Chinese state-sponsored hacking group called Silk Typhoon, Hafnium, or UNC5221. It has been suggested that they hacked outside normal business hours to avoid detection. Last month, a Chinese Foreign Ministry spokesman described the accusation as state-sponsored
Counterintelligence officials are still in the midst of a “comprehensive damage assessment,” but Treasury Department staff are scheduled to brief the Senate Banking, Housing and Urban Affairs Committee on the issue this week.