China Targeted Foreign Investment, Sanctions Offices In Treasury Hack: Reports
Summary: Chinese cyberspies have targeted multiple offices within the US Treasury Department, including those involved with foreign investments and sanctions, in a significant cyberattack. The breach, which has raised concerns about the potential for intelligence gathering, involved accessing unclassified information through compromised systems.

Threat Actor: Chinese cyberspies | Silk Typhoon
Victim: US Treasury Department

Key Points:

  • Hackers gained initial access using a compromised API key from BeyondTrust’s remote management service.
  • A critical zero-day vulnerability (CVE-2024-12356) was discovered during the investigation and was likely exploited in the attack.
  • The attack targeted systems associated with the Committee on Foreign Investment in the US (CFIUS) and the Office of Foreign Assets Control (OFAC).
  • Officials are concerned that the compromised unclassified information could be pieced together for intelligence purposes.
  • The attack has been linked to a Chinese group known as Silk Typhoon, also referred to as Hafnium.

Source: https://www.securityweek.com/china-targeted-foreign-investment-sanctions-offices-in-treasury-hack-reports/