The U.S. Treasury Department told lawmakers in a December letter that an outside party accessed its documents and workstations in a security breach. It described the attack as “a major cybersecurity incident” and attributed it to a “state-sponsored advanced persistent threat actor from China.” Now, Washington Post has reported that bad actors infiltrated a “highly sensitive office” within the Treasury tasked with deliberating and administering US government sanctions.
As The mail As he explains, the Office of Foreign Assets Control (OFAC) is in possession of important information that could be very useful to the government of another country. While the hackers were only able to steal unclassified data, they could still have obtained the identities of potential sanctions targets. They also may have stolen evidence the agency had collected as part of its investigation into entities the government plans to sanction. Overall, the attackers could have obtained enough information to know how the United States develops sanctions against foreign entities.
In addition to OFAC, the Office of the Secretary of the Treasury and the Office of Financial Investigation were also affected by the breach. The attackers infiltrated Treasury systems by gaining access to a key used by BeyondTrust, a cloud-based service that provides technical support to the department.
The US government has attributed numerous cyberattacks on its US agencies and companies to Chinese state-sponsored actors over the years. Last year, the FBI blamed “actors affiliated with the People's Republic of China” for a massive attack on American telecommunications companies. The actors, a group known as Salt Typhoon, allegedly attacked the mobile devices of diplomats, government officials and others linked to both presidential campaigns. According The mailChinese officials called claims that their country was involved in the attack on the Treasury Department “baseless” and insisted that their government “has always opposed all forms of hacker attacks.”
