The U.S. Treasury Department said in a December letter that the attack was the work of a “Chinese government-sponsored advanced persistent threat actor.” Now we know more about the extent of the hack.
The hacking group breached more than 400 laptop and desktop computers, most of which were focused on “sanctions, international affairs and intelligence.” They also accessed employees’ usernames and passwords, in addition to more than 3,000 files on unclassified personal computers. These documents include travel data, organizational charts, sanctions data and foreign investment indicators.
The perpetrators stole much of this data but did not have access to the Treasury Department’s confidential information systems or email systems, according to the agency report. Hackers accessed data related to an investigation conducted by the Foreign Investment Committee. This committee reviews the security implications associated with purchasing real estate and foreign investments in the United States.
The agency report also notes that there was no evidence that the hackers attempted to hide in Treasury systems for long-term intelligence gathering and that they did not leave behind any malicious code.
Investigators said the intrusion was the work of a notorious Chinese government-backed hacking group known as Silk Typhoon, Hafnium, or UNC5221. The hacks were reportedly carried out outside regular working hours to avoid detection. Last month, a Chinese Foreign Ministry spokesman accused the attack of being state-sponsored.
Counterintelligence officials are still conducting a “comprehensive damage assessment,” but Treasury officials are expected to brief the Senate Banking, Housing and Urban Affairs Committee on the matter this week.