Chinese hackers targeted US Treasury’s sanctions office OFAC
State-sponsored hackers from China have breached the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC), an office that administers economic sanctions against countries and groups of individuals.
Earlier this week the US Treasury announced that a China state-sponsored Advanced Persistent Threat or APT group had gained access to a security key that was used by third-party software service provider BeyondTrust to secure a cloud-based service used to remotely provide technical support for the Treasury Department’s end users.
The service was taken down immediately and there’s no indication the threat actor has any access to the Treasury’s information. The documents that were accessed were unclassified.
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Intelligence Community and third-party investigators are leaving no stone unturned in investigating the overall impact and scope of the incident.
Officials have labeled the event as a ‘major incident’ and are dealing with it accordingly.
According to The Washington Post, both the Office of Foreign Assets Control (OFAC) and the Department of the Treasury’s Office of Financial Research have been targeted by state-sponsored hackers from the People’s Republic of China (PRC).
Anonymous sources told the news outlet that the attack reflects Beijing’s determination to acquire intelligence on its most significant rival in the global competition for power and influence.
A spokesperson for the Treasury Department declined to comment. The Chinese Ministry of Foreign Affairs called the claims of the breach “groundless”, and reiterated the PRC government’s statement that China “has always opposed all forms of hacker attacks”.
The breach comes at a time when the US government is handling another cyberespionage campaign that’s also attributed to Chinese hackers.
In recent months, nine US telecommunications companies have been attacked by state-sponsored hacking group Salt Typhoon. T-Mobile, AT&T and Verizon have officially confirmed they were compromised and are investigating the breaches.
According to the FBI and CISA, the attackers were able to obtain confidential information belonging to a limited number of government officials.