Chinese hackers targeted sanctions office in Treasury attack

​Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs.

OFAC was created in December 1950, blocking all Chinese and North Korean assets under U.S. jurisdiction after China entered the Korean War.

In a letter sent to Congress this week, the Treasury Department disclosed that Chinese government threat actors hacked its network in what it described as a “major cybersecurity incident” after breaching the BeyondTrust remote support SaaS platform.

According to a Washington Post report, U.S. officials have since revealed that the attackers specifically targeted the agency’s OFAC department, likely to collect intelligence on what Chinese individuals and organizations the U.S. might consider sanctioning.

While the same officials said the hackers also breached the Treasury’s Office of Financial Research and the full impact of the attack is still being assessed, there is no evidence that the attackers still have access to the agency’s systems after shutting down the compromised BeyondTrust instances.

Chinese state hackers, known as “Salt Typhoon,” have also been linked to recent breaches of nine U.S. telecom firms, including Verizon, AT&T, and Lumen.

The White House’s deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters that the same cyber-espionage group is also believed to have breached carriers in dozens of other countries.

After breaching their systems, Salt Typhoon accessed the text messages, voicemails, and phone calls of targeted individuals, as well as wiretap information of those under investigation by U.S. law enforcement.

Since this massive wave of telecom breaches, CISA urged government officials to switch to end-to-end encrypted messaging apps like Signal to reduce the risks of communication interception.

The U.S. government also reportedly plans to ban China Telecom’s last active U.S. operations, while U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecoms from similar hack attempts.