CyberSecurity news

@Techmeme // 61d
The Chinese state-sponsored hacking group known as "Silk Typhoon," also referred to as Hafnium, is reportedly behind a significant cyber breach targeting the US Treasury Department in December 2024. The hackers are believed to have exploited a stolen Remote Support SaaS API key, obtained through third-party cybersecurity vendor BeyondTrust, to access and steal data from workstations within the Office of Foreign Assets Control (OFAC). Silk Typhoon is known for its cyber espionage activities, typically using tools like the China Chopper Web shell, and has previously targeted sectors including education, healthcare, defense, and non-governmental organizations. The group also targeted the Treasury Department’s Office of Financial Research in the attack.

The same group is also implicated in breaching the Committee on Foreign Investment in the United States (CFIUS), which is a government office tasked with assessing national security risks associated with foreign investments. According to reports, the attackers gained access to CFIUS systems and are suspected of stealing sensitive information. The Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the exploits appear to be isolated to this specific agency, with no indication of other federal agencies being impacted. This coordinated attack highlights an escalation in the sophistication and scope of Silk Typhoon's cyber-espionage campaigns.

References:
  • ciso2ciso.com: Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach – Source: www.darkreading.com
  • Pyrzout: Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach – Source: www.darkreading.com
  • BleepingComputer: Treasury hackers also breached US foreign investments review office
  • Patrick C Miller: Chinese hackers breached US government office that assesses foreign investments for national security risks | CNN Politics
  • bsky.app: Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks.
  • BleepingComputer: Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks.
  • www.cnn.com: Chinese hackers breached US government office that assesses foreign investments for national security risks | CNN Politics
  • : Screaming Goat : Get it while it's still hot: I created an APT profile on "Silk Typhoon" (aka HAFNIUM) which is publicly attributed to the People's Republic of China (PRC) Ministry of State Security (MSS) by the . They've recently become popular again due to the hack of the U.S. Department of the Treasury via stolen API key from the BeyondTrust breach in December 2024.
  • techcrunch.com: China hacked US Treasury's CFIUS, which reviews foreign investments for national security risks | TechCrunch
  • infosec.press: Screaming Goat : APT profile on "Silk Typhoon" (aka HAFNIUM).
  • techcrunch.com: China hacked US Treasury’s CFIUS, which reviews foreign investments for national security risks
  • Techmeme: Sources: Chinese hackers breached CFIUS, the US government office that reviews foreign investments for national security risks (Sean Lyngaas/CNN)
  • Patrick C Miller: China hacked US Treasury's CFIUS, which reviews foreign investments for national security risks | TechCrunch
  • Metacurity: Chinese hackers breached US government office that assesses foreign investments for national security risks
Classification:
  • HashTags: #CyberEspionage #APT #DataBreach
  • Company: US Treasury
  • Target: US Government
  • Attacker: Silk Typhoon
  • Product: CFIUS
  • Feature: data theft
  • Type: Espionage
  • Severity: Major