The Chinese state-sponsored hacking group ‘Silk Typhoon’ has been linked to a significant breach of a US Treasury agency in December 2024, with further reports indicating that the group also compromised the Committee on Foreign Investment in the United States (CFIUS), which assesses national security risks associated with foreign investments. The attackers are suspected to have stolen sensitive information from both the Treasury and CFIUS, which has raised significant concerns in the US government. This coordinated attack demonstrates a pattern of sophisticated cyber espionage activities by the Silk Typhoon group.
A Chinese state-sponsored hacking group, known as Silk Typhoon, infiltrated over 400 computers belonging to the US Treasury Department. The hackers gained access to sensitive information, including sanctions materials, travel data, and foreign investment metrics. The breach targeted computers used for work on sanctions, international affairs, and intelligence. The attackers were likely operating outside of normal working hours to avoid detection. The incident highlights the growing threat posed by state-sponsored hacking groups, particularly those operating from China.
Chinese state-sponsored threat actors compromised the US Treasury Department by exploiting a vulnerability in a third-party software provider, BeyondTrust. The attackers accessed employee workstations and exfiltrated unclassified documents. This incident highlights the risk associated with third-party dependencies and supply chain attacks. The attackers gained remote access, raising concerns about the security posture of government agencies. The affected systems were not immediately identified but were confirmed to be workstations.