State-sponsored Chinese hackers who breached the U.S. Treasury Department infiltrated more than 400 laptops and desktops, showing particular interest in the computers of employees and senior executives involved in sanctions, international affairs and intelligence, Bloomberg reports, citing the agency's report, UNN writes.
Details
The report says that the hackers gained access to employee usernames and passwords, as well as more than 3,000 files on unclassified personal computers. This included policy and travel documents, organizational charts, materials on sanctions and foreign investment, and "confidential law enforcement data." The perpetrators allegedly stole the materials, but apparently did not penetrate the department's classified or email systems, according to the findings.
The hackers also gained access to the materials of investigations conducted by the Committee on Foreign Investment in the United States, which considers the national security implications of certain real estate purchases and foreign investments in the United States.
The report says there is no evidence that the hackers were trying to hide in the department's systems for long-term intelligence gathering, and adds that there was no evidence of malware on the hacked devices.
On December 8, software contractor BeyondTrust Corp. notified the U.S. Treasury Department that the department had been breached through a hack of the company's networks. The department reported the hack to the Cybersecurity and Infrastructure Security Agency within an hour of confirmation, the report said, and then asked for help from the FBI, intelligence agencies, and other incident response teams.
According to the report, investigators attributed the hack to a state-sponsored Chinese entity known among cybersecurity professionals as Silk Typhoon and UNC5221. They found that the hackers prioritized document collection and operated outside of normal business hours to avoid detection, the report said.
Chinese officials have long denied U.S. accusations of state-sponsored cyberattacks, with a Foreign Ministry spokesman last month calling claims that it was behind the hacking of the U.S. Treasury Department "unfounded and baseless."
Counterintelligence officers are still conducting a "comprehensive assessment of the damage," the report says.
In its report to Congress, the U.S. Treasury Department said it was considering alternatives to BeyondTrust.
