January 3, 2025 | Policy Brief
Chinese-Linked Hackers Accused of Infiltrating U.S. Treasury Department
China is accelerating its efforts to compromise U.S. government systems through cyberattacks. In a letter to Congress on December 30, the Treasury Department revealed that hackers linked to Beijing had infiltrated several user workstations, gaining access to unclassified documents, but emphasized at the same time that “there is no evidence indicating the threat actor has continued access to Treasury systems or information.”
After the hackers breached the security protocols of a third-party vendor, the attack targeted the Office of Foreign Assets Control (OFAC) and the Office of Financial Research, along with the office of Treasury Secretary Janet Yellen. Together with the “Salt Typhoon” attack against the American communication and information technology sectors, the “Volt Typhoon” attack against transportation, energy, and other U.S. critical infrastructure sectors, and “Flax Typhoon” attacks targeting Taiwan, the Treasury hack highlights Beijing’s growing reliance on cyberattacks to compete with Washington.
Beijing Relies on Cyber Campaigns to Counter Washington
While Beijing has long held an interest in the Treasury Department due to its collection of sensitive economic data, both on the United States and on China itself, the incident targeted offices linked directly to Washington’s China policy. OFAC has a key role in administering sanctions on Chinese individuals and firms, including those recently accused by the Treasury Department of aiding Russia in its war against Ukraine.
The attack is also part of a recent pattern of Chinese intrusions into U.S. government systems. In 2023, the Biden administration accused Chinese state-aligned actors of compromising Microsoft and gaining unauthorized access to the email accounts of senior U.S. government personnel. These included the accounts of Commerce Secretary Gina Raimondo, a key figure in implementing the Biden administration’s initial export restrictions on advanced technologies to China, and Nicholas Burns, the U.S. ambassador to China.
Chinese Hackers Continue to Target U.S. Critical Infrastructure
The Treasury hack also follows several Chinese hacking campaigns against U.S. critical infrastructure, particularly the nation’s telecommunications network. As part of a long-running intrusion by a group dubbed “Salt Typhoon” that was discovered in the summer of 2024, Chinese hackers operating under the auspices of Chinese state intelligence agencies penetrated at least nine U.S. telecommunications and internet service providers. The attack allowed hackers to gain access to the communications of high-ranking U.S. officials, including President-elect Donald Trump, Vice President Kamala Harris, and Senate Majority Leader Chuck Schumer (D-NY). The intrusion also allowed Chinese intelligence services to monitor Justice Department communications regarding suspected Chinese intelligence assets.
China has also sought to pre-position potentially harmful software within other critical infrastructure, with the aim of gaining leverage over the United States during a possible crisis. According to the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI, Chinese hackers penetrated communications infrastructure, electric and water utilities, and naval ports over the past five years. These attacks have targeted both communications systems that connect the United States to Asia and cyber systems within Taiwan, giving China the potential to wreak chaos on the island and hinder U.S. military mobilization in the event of a crisis.
Washington Must Strengthen U.S. Cybersecurity Defenses
In response to the hacking incident, Washington must continue to invest in strengthening critical infrastructure, including partnering with industry to close gaps within the U.S. telecommunications system. Specifically, the next Congress should require the Federal Communications Commission to issue stronger cybersecurity standards for telecommunications firms.
The incoming administration should also strengthen its oversight of third-party government contractors by continuing existing efforts to use the False Claims Act to ensure government contractors adhere to cybersecurity requirements.
Shoring up defenses, however, is not enough. The incoming administration should also expand the use of sanctions, criminal indictments, and other law enforcement tools against cyber operators, network infrastructure, and the Chinese technology firms assisting state-aligned hackers.
Jack Burnham is a research analyst in the China Program at the Foundation for Defense of Democracies (FDD). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.