China-linked attack on US Treasury reportedly targeted its sanctions office


The US Treasury told legislators in a letter back in December that its documents and workstations had been accessed by an outside party as a result of a security breach. It described the attack as a “major cybersecurity incident” and attributed it to a “Chinese state-sponsored Advanced Persistent Threat.” Now, The Washington Post has reported that the attackers had infiltrated a “highly secret office” at the Treasury Department responsible for discussing and applying US government sanctions.

As the Post explains, the Office of Foreign Assets Control (OFAC) holds important information that could be very useful to the government of another country. Although the hackers were only able to steal unclassified data, they were still able to obtain the identities of potential targets of sanctions. They could also have stolen evidence the agency had collected as part of its investigations into organizations the government was about to sanction. In general, the attackers could have obtained enough information to learn how the United States develops sanctions against foreign organizations.

In addition to OFAC, the Office of the Secretary of the Treasury and the Office of Financial Research were also affected by the breach. The attackers penetrated Treasury systems by gaining access to a key used by BeyondTrust, a cloud service that provides technical support to the department.

The US government has for years attributed numerous cyberattacks on its agencies and US companies to Chinese state-sponsored activities. Just last year, the FBI charged “China-linked actors” with a massive hack of US telecommunications companies. The actors, a group known as Salt Typhoon, reportedly targeted the mobile devices of diplomats, government officials and others associated with both presidential campaigns. According to the Post, Chinese officials called claims that their country was involved in the attack on the Treasury Department “baseless” and said their government has “always opposed all forms of hacking attacks.”


