The United States recently said that hackers linked to the Chinese government breached the U.S. Treasury Department’s computer security guardrails in early December and stole declassified documents. In a letter informing lawmakers of the incident, the US Treasury Department called the intrusion a “major incident” and said the hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access employee workstations.
The incident adds to a series of security breaches at telecommunications companies and government agencies in the US and other Western countries in 2024.
What was hacked?
According to the Treasury Department letter, in the latest attack hackers gained access to a key used by a vendor to secure a cloud-based service that provides remote technical support for end users of Treasury Departmental Offices (DOs).
The letter says, “With access to the stolen keys, the threat actor was able to circumvent the security of the service, remotely access certain Treasury DO user workspaces, and access certain unclassified documents created by those users.”
This followed news in late October that hackers had targeted phones used by Donald Trump and his running mate JD Vance. People working for the campaign of Vice President Kamala Harris were also targeted.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said there was “unauthorized access to commercial telecommunications infrastructure” by “actors associated with the People’s Republic of China.”
It appears that the purpose of these hacks is to collect data related to powerful individuals that could benefit the Chinese government.
The hackers also reportedly accessed a database of phone numbers subject to law enforcement wiretaps, information that experts believe could be used to find out which foreign spies are under surveillance.
Recently, America’s two largest telecommunications companies – AT&T and Verizon – also admitted that they were targeted by the Salt Typhoon cyber espionage operation linked to China. According to the White House, seven other top telecom companies were also the targets of the hackers.
In the attacks on these telecom companies, the data of millions of Americans could have been compromised.
According to a BBC report, campaigns that Western governments have linked to China have also targeted the UK Electoral Commission and the parliaments of Britain and New Zealand.
Who are the hackers?
Although complete details about the hackers have not yet been revealed, US officials believe that these security breaches are being carried out by various entities linked to the Chinese state. Security firms have reportedly given these hacking groups nicknames.
For example, the group behind the telecom hack is commonly known as Salt Typhoon, a name coined by Microsoft researchers. Other companies have reportedly named it Famous Sparrow, Ghost Emperor and Earth Estries, the BBC reports.
Another group, nicknamed Volt Typhoon, has been accused of breaking into critical infrastructure organizations for potentially disruptive attacks.
Earlier in 2024, the US accused seven Chinese citizens of hacking. US Justice Department officials linked them to an operation called Zirconium or Judgment Panda. According to the UK National Cyber Security Centre, the same operation targeted the emails of UK MPs in 2021.
FBI Director Christopher Wray recently called Salt Typhoon’s hack of telecom companies China’s “most significant cyber-espionage campaign in history.” He previously said that China’s hacking program is larger “compared to all other major countries”.
China’s response
Meanwhile, China has denied its involvement in the incident. According to news agency Agence France-Presse, China’s Foreign Ministry spokesman Mao Ning claimed that the allegations made by the US were “baseless” and “lacking evidence”.
Mao said, “China steadfastly opposes all forms of hacking and firmly rejects the spread of disinformation targeting China for political purposes.”
Chinese embassy spokesman Liu Pengyu also rejected the allegations, calling them an attempt to “defame” China.
“The United States must stop using cybersecurity to smear and discredit China and stop spreading all forms of misinformation about so-called Chinese hacking threats,” he said in a statement.