FlagThis

The US Treasury Department sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe, and a Shanghai-based hacker, Yin Kecheng, for their involvement in the Salt Typhoon cyberattacks. These attacks targeted major US telecom companies, compromising sensitive data and the US Treasury’s network, including systems used for sanctions and foreign investment reviews, and even impacted the computer of the outgoing Treasury Secretary Janet Yellen. This highlights the ongoing sophisticated cyber espionage campaigns from China targeting critical infrastructure and government entities within the US and globally. The sanctioned entities are directly linked to the Chinese Ministry of State Security (MSS), and used a combination of zero-day exploits and other techniques for infiltrating networks and exfiltrating data. The compromise of the Department of the Treasury’s network is considered a major breach, potentially impacting national security due to access to sensitive information.

A Chinese state-sponsored hacking group, known as Silk Typhoon, infiltrated over 400 computers belonging to the US Treasury Department. The hackers gained access to sensitive information, including sanctions materials, travel data, and foreign investment metrics. The breach targeted computers focusing on sanctions, international affairs, and intelligence. The attackers were likely operating outside of normal working hours to avoid detection. The incident highlights the growing threat posed by state-sponsored hacking groups, particularly those operating from China.

A sophisticated cyber espionage campaign, dubbed ‘Operation Digital Eye,’ targeted business-to-business IT service providers in Southern Europe. Attackers leveraged Visual Studio Code Tunnels and Azure infrastructure for command and control, exploiting the tunnels for stealthy remote access. The campaign lasted approximately three weeks, from late June to mid-July 2024.