Chinese Hackers Penetrated The US Treasury

Uploaded on 2025-01-01 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

Britain's Chancellor of the Exchequer, Rachel Reeves, will visit China this month in an attempt to improve ‘economic and financial cooperation’. It seems likely that the members of the Chinese government she will be very well informed, not least because of intelligence gathered by China’s prolific nation-state hackers.

Their latest high profile exploit was revealed last week when the US Treasury disclosed that it had fallen victim of what it called a ‘major cyber security incident’.

The Treasury has blamed  Chinese hackers, who successfully accessed individual employee work-station, enabling them to view documents. They also say that the documents accessed were unclassified, the infected user computers disconnected and no evidence found that the hacker remain the Treasury networks.

The hackers were detected by leading access management cyber security firm, BeyondTrust,  who have reported that the hackers gained access by stealing a security key, although they have not revealed how many Treasury employee computers were  were breached.

China official sources have denied any involvement, describing the Treasury Dept chargers  "baseless" and saying it "consistently opposes all forms of hacking". Coincidentally, the alleged Treasury hacking follows allegations made by the Chinese security agency CNCERT/ CC that US intelligence agencies had attacked two  Chinese technology firms to steal commercial sensitive information.

This latest high-profile exploit follows the hacking of major US telecommunications firms, enabling Chinese hackers to gain access to private texts and phone conversations of prominent political and business leaders, reportedly including President-elect Trump and his incoming vice-president J.D. Vance. The attack was blamed on a Chinese group known as Salt Typhoon. 

The US and Britain have previously accused China of a long-term hacking campaign targeting politicians, journalists and businesses, blaming China’s ministry of state security, its main spy agencies and hacking affiliates. Indeed, China is thought to have invested heavily in a network of private sector contractors as it has vastly expanded its cyber capabilities. 

Amongst recent British targets are the Electoral Commission, which had access to information on tens of millions of UK voters, and a company providing pay-roll services to the Ministry of Defence, which may have exposed personal information about British military personnel. 

The UK’s intelligence agencies have said that China is now their top priority,and Ken McCallum, Head of the MI5 domestic spy agency has describing Chinese espionage as ‘a sustained campaign on a pretty epic scale’.

Other damaging exploits undertaken by another Chinese hacking group known as Volt Typhoon. According  to Jen Easterly, Director of the US Cybersecurity and Infrastructure Agency (CISA). This group is focused on penetrating critical infrastructure for the purpose of sabotage. Their targets include naval ports, internet service providers, communications services and utilities like water, aviation and energy. Volt Typhoon has apparently maintained long-term access to systems for years, pre-positioning destructive malware which could be activated for future acts of sabotage in times of conflict. 

CISA said that while the main target was US infrastructure, the infiltration was likely to have affected America’s Five Eyes, Canada, Australia, New Zealand and the Britain. 

The timing of the Treasury Department hacking revelations could have significant geo-political consequences as as they come come to light just before Donald Trump’s second Presidential inauguration, and the start of a US  administration which is expected to take a tougher line on relations with China. This is in contrast to Rachek Reeves’ imminent visit to China, during which she will discuss the re-opening of a Joint Economic and Trade Commission, set up in 1996 to promote trade and investment between the two countries, but suspended in 2020 after China imposed a national security law on Hong Kong. 

Reeves will have had a briefing with the aim to improve ties with an increasingly hostile China, however,  government officials and business leaders visiting the country are advised to take disposable 'burner phones' and throwaway laptops, as no electronic device can be considered safe once it has been exposed to ubiquitous Chinese domestic surveillance.  

Forbes   |    Spectator   |    BBC   |   Reuters   |   AlJazeera   |    Guardian  |   Morning Star  |   

Image: Ideogram

You Might Also Read: 

FBI & CISA Advice - Use Encrypted Messaging:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Volkswagen Suffers A Massive Data Breach
How Small & Medium Businesses Can Safeguard Their Critical Assets Against Evolving Cyber Threats »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Waterfall Security Solutions

Waterfall Security Solutions

Waterfall Security is focused on protecting critical infrastructure and industrial control systems from remote online cyber attacks,

Andrisoft

Andrisoft

Andrisoft develops WANGUARD, an anti-DDoS Software solution that monitors IP traffic using packet-based and flow-based Sensors, and protects networks

Egress Software Technologies

Egress Software Technologies

Egress Software Technologies is a leading provider of data security services designed to protect shared information throughout its lifecycle.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Association of Information Security Professionals (AISP)

Association of Information Security Professionals (AISP)

The Association of Information Security Professionals (AISP) represents the interests of information security professionals in Singapore.

XBOSoft

XBOSoft

XBOSoft is a software QA and testing company. We cover the entire QA and testing life cycle including software and application security.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

URS Certification

URS Certification

United Registrar of Systems (URS Certification) is an independent certification body operating in more than 30 countries within the multinational URS Holdings.

Cyber Security Jobs

Cyber Security Jobs

Cyber Security Jobs was formed to help job seekers find jobs and recruiters fill cyber security job vacancies.

Absio

Absio

Absio provides the technology you need to build data security directly into your software by default, and the design and development services you need to make it happen.

FluidOne

FluidOne

FluidOne are an award-winning Connected Cloud Solutions provider. We design tailored solutions to help customers and partners digitally transform their IT and communications.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

WIIT Group

WIIT Group

WIIT Group are focused on a single goal: securing our clients’ critical processes and enabling them for digital transformation.