Chinese government hackers 'Silk Typhoon' infiltrate US government agency that reviews national security risks of overseas investments



It has been revealed that Silk Typhoon, a hacker group backed by the Chinese government, has launched a cyber attack targeting the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investment in the United States from the perspective of national security risks.

Chinese hackers breached US government office that assesses foreign investments for national security risks | CNN Politics
https://edition.cnn.com/2025/01/10/politics/chinese-hackers-breach-committee-on-foreign-investment-in-the-us/index.html

Biden Administration Rushes to Finish Cybersecurity EO After China Treasury Hack - Bloomberg
https://www.bloomberg.com/news/articles/2025-01-08/white-house-rushes-to-finish-cyber-order-after-china-hacks

Treasury hackers also breached US foreign investments review office
https://www.bleepingcomputer.com/news/security/treasury-hackers-also-breached-us-foreign-investments-review-office/

On January 10, 2025, CNN reported, citing three officials familiar with the matter, that hackers had broken into the systems of the CFIUS office at the U.S. Treasury Department.

In December 2024, BeyondTrust, a security company that serves the U.S. Department of the Treasury, was subjected to a cyber attack in which its remote support SaaS API key was stolen.

The hackers are also believed to have used the stolen API keys to access the Office of Foreign Assets Control (OFAC), another Treasury Department division that oversees economic sanctions. Authorities said, 'The hackers' objective was likely to be to gather information on Chinese organizations and individuals that the United States may consider sanctioning.'



According to a January 6, 2025 announcement by the Cybersecurity and Infrastructure Security Agency (CISA), the impact of this security incident was limited to the Department of the Treasury, and no other government agencies have been found to be affected.

On January 8, 2025, Bloomberg reported that the series of cyber attacks was the work of Silk Typhoon (Hafnium), a Chinese state-sponsored threat actor.

Silk Typhoon has been known to target medical and government organizations in the United States, Australia, Japan, and Vietnam.



Silk Typhoon is believed to have used the stolen BeyondTrust keys to access non-classified information about potential sanctions and other documents, according to people familiar with the matter.

The second Trump administration, which will take office on January 20, 2025, is expected to include several cabinet members who are calling for tougher measures against China due to national security concerns.

Rep. Mike Waltz, the incoming National Security Advisor to the President, posted on Twitter, 'America can no longer afford to defend itself in cyberspace. We must go on the offensive and make those who steal our technology and attack our infrastructure pay a price,' suggesting a more drastic response to China.

in Security, Posted by log1l_ks