Chinese Hack Targeted US Treasury Sanctions Data
“Socalj” for Borderland Beat
Chinese government hackers breached the U.S. Treasury office that administers economic sanctions, the Washington Post reported on Wednesday, identifying targets of a cyberattack Treasury disclosed earlier this week.
Citing unnamed U.S. officials, the Washington Post said hackers compromised the Office of Foreign Assets Control and the Office of Financial Research and also targeted the office of U.S. Treasury Secretary Janet Yellen.
The department earlier this week disclosed in a letter to lawmakers that hackers stole unclassified documents in a “major incident.” It did not specify which users or departments were affected.
Liu Pengyu, spokesperson for the Chinese Embassy in Washington, said the “irrational” U.S. claim was “without any factual basis” and represented “smear attacks” against Beijing. The statement said China “combats all forms of cyberattacks” and did not directly address the Washington Post’s reporting on specific targets.
The Washington Post quoted its sources as saying that a top area of interest for the Chinese government would be Chinese entities that the U.S. government may be considering designating for financial sanctions.
Chinese state-sponsored hackers breached the U.S. Treasury Department’s computer security guardrails this month and stole documents in what Treasury called a “major incident,” according to a letter to lawmakers that Treasury officials provided to Reuters on Monday.
According to the letter, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.
With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
“Based on available indicators, the incident has been attributed to a China state-sponsored Advanced Persistent Threat (APT) actor,” the letter said.
The Treasury Department said it was alerted to the breach by BeyondTrust on Dec. 8 and that it was working with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to assess the hack’s impact.
The letter said the hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access unclassified documents.
Chinese firms, individuals and entities have been a frequent target for U.S. sanctions, which Washington has used as a key tool in its foreign policy towards Beijing.
The United States considers China its biggest foreign policy challenge, and last month Yellen told Reuters that Washington would not rule out sanctions on Chinese banks, as it seeks to reduce Russia’s oil revenue and access to foreign supplies to fuel its war in Ukraine.
Borderland Beat has seen a recent increase in OFAC sanctions against individuals and groups laundering money in China. Chinese-connected organized crime networks have largely provided money drop, transfer and laundering services for cartels. The low percentages, access to cryptocurrency and direct access to precursor chemicals have brought an increase in money laundering through Chinese bank accounts.
Previously, sanctions had primarily been against biotech, pharmaceutical and supply companies selling to cartel-connected groups and traffickers.