China Breaches US Treasury’s CFIUS: Uncovering Risks in Foreign Investment Security
Recent reports reveal that Chinese hackers have successfully infiltrated a critical office within the U.S. Treasury that is responsible for evaluating foreign investments and transactions that may jeopardize national security. This breach raises serious concerns about safeguarding sensitive information and the integrity of U.S. financial systems.
Details of the Cyber Breach
CNN has cited U.S. officials familiar with the situation, indicating that the hackers specifically targeted the Committee on Foreign Investment in the United States (CFIUS). This committee holds the authority to approve or reject transactions that pose potential risks to national security, including corporate mergers and acquisitions involving sensitive U.S. data.
Investigation and Response
A Treasury spokesperson did not comment on the breach when approached. However, last week, Treasury officials confirmed to TechCrunch that they are looking into a “major cybersecurity incident.” This investigation follows a breach at one of their security vendors, BeyondTrust. It has been reported that the hackers gained access using a stolen BeyondTrust key, allowing them to remotely access employee workstations and documents on the department’s unclassified network.
Additionally, it was disclosed that the hackers also compromised the Office of Foreign Assets Control (OFAC), which manages international financial sanctions.
Cybersecurity Agency Findings
The Cybersecurity and Infrastructure Security Agency (CISA) announced this week that there is currently no evidence suggesting that the hackers infiltrated any other U.S. government departments during this operation.
Identity of the Hacking Group
Bloomberg reports that the group behind this attack is known as Silk Typhoon, previously referred to as “Hafnium.” This China-backed hacking collective is notorious for conducting extensive hacking campaigns aimed at stealing sensitive information from various entities.
Context of Recent Cyber Attacks
The breach at the Treasury is part of a broader pattern of cyber incidents linked to the “Typhoon” hackers. These attacks have included:
- Targeting private communications of U.S. government officials.
- Prepositioning destructive malware within U.S. critical infrastructure.
Such prepositioned malware could potentially be activated in the event of a future conflict between China and the United States.
Despite these accusations, the Chinese government has consistently denied involvement in these cyberattacks.