Congress Demands Answers from Treasury Department After Chinese Hacker Attack

Sen. Tim Scott (R-SC), ranking member of the Senate Committee on Banking, Housing, and Urban Affairs, and Rep. French Hill (R-AR), vice chair of the House Financial Services Committee, on Thursday wrote to Treasury Secretary Janet Yellen demanding more details of a cyberattack on Treasury’s computer systems allegedly perpetrated by hackers linked to the Chinese government.

“This breach of federal government information is extremely concerning. As you know, Treasury maintains some of the most highly sensitive information on U.S. persons throughout government, including tax information, business beneficial ownership, and suspicious activity reports,” Scott and Hill wrote to Yellen.

“This information must be vigilantly protected from theft or surveillance by our foreign adversaries, including the Chinese Communist Party, who seek to harm the United States,” they wrote.

“As such, the fact that a CCP-sponsored APT actor was able to access Treasury’s information systems is unacceptable and raises serious questions about the protocols for safeguarding sensitive federal government information from future cybersecurity incidents,” the letter concluded.

APT stands for Advanced Persistent Threat, which is standard cybersecurity nomenclature for hacker groups. On Monday, the Treasury Department revealed that Chinese state-sponsored hackers were able to penetrate several of its workstations, gaining access to unclassified documents.

Treasury notified Congress that the intruders were able to steal security code keys from a third-party software provider called BeyondTrust, which detected the theft and warned the Treasury Department on December 8.

The stolen keys allowed the hackers to access a cloud service used by BeyondTrust to provide remote technical support for Treasury Department computers. The hackers used this capability to get past Treasury Department security and remotely manipulate several workstations.

“The compromised BeyondTrust service has been taken offline, and at this time there is no evidence indicating the threat actor has continued to access Treasury information,” Treasury Department Assistant Secretary for Management Aditi Hardikar informed Congress on December 30.

The Chinese Foreign Ministry immediately dismissed U.S. allegations of Beijing’s involvement in the data theft as “unwarranted,” “groundless,” and “disinformation motivated by a political agenda.”

Sen. Scott and Rep. Hill asked Yellen for a briefing, no later than January 10, that would provide Congress with more details about the incident, including exactly which Chinese APT group was involved, a full inventory of the information accessed by the hackers, and whether the Treasury Department was aware of any security vulnerabilities with BeyondTrust software before the incident.

The Treasury Department hack slipped in right before the end of the year to become the fourth major known breach of U.S. computer systems by hackers linked to the Chinese government. The other three were known as Volt Typhoon, Flax Typhoon, and Salt Typhoon. Volt Typhoon targeted oil and water infrastructure, Salt Typhoon targeted broadband providers and telecom services, and Flax Typhoon created a massive botnet that could have been used as a weapon to overwhelm and shut down numerous computer systems, if it had not been detected and disabled.

Before Scott and Hill sent their letter to Yellen, the Treasury Department had informed Congress it would create a supplemental report about the cyberattack within 30 days.

On Thursday, the Washington Post reported the alleged Chinese hackers were able to breach security in the office of the Treasury Secretary and the Office of Foreign Assets Control (OFAC), which administers economic sanctions against foreign countries and individuals. The Treasury Department’s Office of Financial Research was also breached.

The full extent of the cyberattack was not revealed in Treasury’s first report to Congress, which is probably why Scott and Hill are urgently demanding more answers.

The Chinese government would be keenly interested in accessing data from OFAC, as a number of the sanctions it administers are directed against Chinese entities.

“Gaining access to even unclassified information held by OFAC could provide the Chinese government with valuable intelligence, as such information is used to build a case for sanctioning organizations and individuals,” former Department of Justice (DOJ) sanctions official David Laufman told the Washington Post.

via January 3rd 2025