FOLLOW US

The US Treasury Department disclosed in December that it had fallen victim to a security breach involving a “China state-sponsored Advanced Persistent Threat actor” also known as Silk Typhoon. 

Subsequent reporting by Bloomberg and others has provided further details on the extent of the hack.

Investigators Identify Silk Typhoon as Culprit

The attack has been linked to a Chinese state-sponsored hacking group known by various names, including Silk Typhoon, Halfnium, and UNC5221. Investigators believe the intrusion was strategically timed to occur outside normal working hours to minimize detection. 

However, a spokesperson for the Chinese Foreign Ministry has dismissed the allegations, calling them “unwarranted and groundless.”

Scope of the Hack and Targeted Data

The hackers accessed more than 400 laptop and desktop computers, many of which were connected to senior leaders handling sensitive areas like sanctions, international affairs, and intelligence. 

The breach exposed usernames, passwords, and over 3,000 unclassified files on personal computers. These files included travel data, organizational charts, sanction-related documents, and foreign investment metrics.

Although the perpetrators obtained significant unclassified data, an agency report confirmed that classified systems and emails remained secure.

Approximately 50 unclassified files from Treasury Secretary Janet Yellen’s computer were stolen, alongside materials from her deputies, Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. 

Sensitive information related to investigations by the Committee on Foreign Investment—which oversees national security concerns tied to real estate and foreign investments—was also compromised.

https://usaherald.com/inauguration-day-trumps-ceremony-moved-indoors-due-to-extreme-weather-and-heightened-security/

No Evidence of Long-Term Presence

The report further noted that the attackers did not embed themselves within the Treasury’s systems for prolonged intelligence gathering nor did they leave behind malware.

Despite this, counterintelligence officials are conducting a “comprehensive damage assessment” to determine the full extent of the breach and a clean-up to make sure there are no undetected threat actors or malware remaining in the Treasury Department system.

This week, Treasury employees are set to brief the Senate Committee on Banking, Housing, and Urban Affairs to address the incident and discuss potential measures to enhance security.