Summary: Silk Typhoon, a Chinese state-backed hacking group, has breached multiple offices within the U.S. Treasury Department, targeting systems that review foreign investments and administer sanctions. The attackers aimed to gather intelligence on potential sanctions against Chinese entities by exploiting a stolen API key.
Threat Actor: Silk Typhoon
Victim: U.S. Treasury Department
Key Points:
- Silk Typhoon breached the Committee on Foreign Investment in the United States (CFIUS) and the Office of Foreign Assets Control (OFAC).
- The attackers used a stolen BeyondTrust Remote Support SaaS API key to gain access to the Treasury’s network.
- The breach aimed to collect intelligence on Chinese individuals and organizations potentially facing U.S. sanctions.
- Silk Typhoon is known for its cyberespionage campaigns and has previously exploited vulnerabilities in Microsoft Exchange Server.
- The impact of the breach is still under assessment, with no evidence of continued access after the API key was shut down.
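The two detection questions the summary raises for a defender are whether a SaaS API key is being used from somewhere it should not be, and whether it is still being used after it was revoked. The script below is an added example and not part of the original summary, nor BeyondTrust's or the Treasury's own tooling; the JSON-lines audit log, the field names (`ts`, `key_id`, `src`, `action`), the key ids and the IP ranges are all constructed assumptions standing in for whatever audit export a real remote-support platform provides.

```python
"""Flag anomalous use of a remote-support SaaS API key.

Added example (not from the original page). The log format, field names,
key ids, IP ranges and revocation times are constructed assumptions.
"""
import json
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Constructed sample audit log in JSON-lines form. A real export will differ.
SAMPLE_LOG = """
{"ts": "2024-12-01T09:00:00Z", "key_id": "k-42", "src": "203.0.113.10", "action": "session.list"}
{"ts": "2024-12-01T09:05:00Z", "key_id": "k-42", "src": "203.0.113.10", "action": "session.list"}
{"ts": "2024-12-02T03:17:00Z", "key_id": "k-42", "src": "198.51.100.77", "action": "session.create"}
{"ts": "2024-12-02T03:20:00Z", "key_id": "k-42", "src": "198.51.100.77", "action": "rep.assign"}
{"ts": "2024-12-03T12:00:00Z", "key_id": "k-42", "src": "198.51.100.77", "action": "session.create"}
{"ts": "2024-12-03T12:30:00Z", "key_id": "k-7",  "src": "203.0.113.22", "action": "session.list"}
"""

# Assumed baseline: the egress range each integration key is expected to use.
EXPECTED_SOURCES = {"k-42": ["203.0.113.0/24"], "k-7": ["203.0.113.0/24"]}
# Assumed revocation record: key id -> time the key was shut down (absent = still active).
REVOKED_AT = {"k-42": datetime(2024, 12, 3, 0, 0, tzinfo=timezone.utc)}


def parse_log(text):
    """Parse JSON-lines audit records and convert timestamps to aware datetimes."""
    events = []
    for line in text.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def find_anomalies(events, expected=EXPECTED_SOURCES, revoked=REVOKED_AT):
    """Return (finding_type, key_id, source_ip, timestamp) tuples.

    unexpected_source    : key used from outside its expected egress range.
    use_after_revocation : key still accepted after its recorded shutdown time,
                           which would mean revocation did not actually take effect.
    """
    findings = []
    for ev in events:
        key = ev["key_id"]
        src = ip_address(ev["src"])
        nets = [ip_network(n) for n in expected.get(key, [])]
        if nets and not any(src in n for n in nets):
            findings.append(("unexpected_source", key, ev["src"], ev["ts"].isoformat()))
        cutoff = revoked.get(key)
        if cutoff is not None and ev["ts"] >= cutoff:
            findings.append(("use_after_revocation", key, ev["src"], ev["ts"].isoformat()))
    return findings


def keys_to_rotate(findings):
    """Any key seen from an unexpected source is treated as compromised and must be rotated."""
    return {key for kind, key, _, _ in findings if kind == "unexpected_source"}


if __name__ == "__main__":
    results = find_anomalies(parse_log(SAMPLE_LOG))
    for finding in results:
        print(*finding)
    print("rotate:", sorted(keys_to_rotate(results)))
```

The source-range check only works if each integration key is pinned to a known egress range when it is issued; the use-after-revocation check is the evidence a responder wants before stating that access ended when the key was shut down, so it should be run against the full audit export rather than a sample.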