FlagThis

The US Treasury Department sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe, and a Shanghai-based hacker, Yin Kecheng, for their involvement in the Salt Typhoon cyberattacks. These attacks targeted major US telecom companies, compromising sensitive data and the US Treasury’s network, including systems used for sanctions and foreign investment reviews, and even impacted the computer of the outgoing Treasury Secretary Janet Yellen. This highlights the ongoing sophisticated cyber espionage campaigns from China targeting critical infrastructure and government entities within the US and globally. The sanctioned entities are directly linked to the Chinese Ministry of State Security (MSS), and used a combination of zero-day exploits and other techniques for infiltrating networks and exfiltrating data. The compromise of the Department of the Treasury’s network is considered a major breach, potentially impacting national security due to access to sensitive information.

Chinese state-sponsored threat actors compromised the US Treasury Department by exploiting a vulnerability in a third-party software provider, BeyondTrust. The attackers accessed employee workstations and exfiltrated unclassified documents. This incident highlights the risk associated with third-party dependencies and supply chain attacks. The attackers gained remote access, raising concerns about the security posture of government agencies. The affected systems were not immediately identified but were confirmed to be workstations.

The FBI and CISA have jointly issued a warning about a significant cyber espionage campaign targeting US telecommunications infrastructure, allegedly orchestrated by Chinese-backed hackers. The campaign, which commenced in late October, has compromised the private communications of individuals, particularly those involved in government affairs. The extent of the breach and the specific methods employed by the attackers remain unclear, but the impact on US national security is substantial. This campaign underscores the growing threat posed by state-sponsored actors who leverage sophisticated cyber techniques to gather intelligence and influence political affairs. The compromised communications could be used to gain insights into government policies, strategies, and internal discussions, potentially giving the Chinese government a strategic advantage.