Summary: Chinese cyberspies have targeted multiple offices within the US Treasury Department, including those involved with foreign investments and sanctions, in a significant cyberattack. The breach, which has raised concerns about the potential for intelligence gathering, involved accessing unclassified information through compromised systems.
Threat Actor: Chinese cyberspies | Silk Typhoon
Victim: US Treasury Department
Key Points:
- Hackers gained initial access using a compromised API key from BeyondTrust’s remote management service.
- A critical zero-day vulnerability (CVE-2024-12356) was discovered during the investigation and was likely exploited in the attack.
- The attack targeted systems associated with the Committee on Foreign Investment in the US (CFIUS) and the Office of Foreign Assets Control (OFAC).
- Officials are concerned that the compromised unclassified information could be pieced together for intelligence purposes.
- The attack has been linked to a Chinese group known as Silk Typhoon, also referred to as Hafnium.