
A sophisticated cyber attack by the Chinese hacking group Silk Typhoon has successfully infiltrated critical offices within the U.S. Treasury Department. The breach primarily affected the Committee on Foreign Investment in the United States (CFIUS) and the Office of Foreign Assets Control (OFAC), two crucial departments overseeing foreign investments and economic sanctions.
The attackers gained access using a stolen BeyondTrust Remote Support SaaS API key, targeting sensitive information about potential sanctions against Chinese entities. The Office of Financial Research was also compromised, though the full extent of the breach is still under investigation.
According to CISA, the incident was contained within the Treasury Department and did not spread to other federal agencies. Officials report that the hackers’ access was terminated after the compromised BeyondTrust instance was shut down.
Silk Typhoon, also known as Hafnium, has a history of targeting organizations across multiple sectors in the United States, Australia, Japan, and Vietnam. Its victims include defense contractors, think tanks, healthcare institutions, and educational facilities. The group gained notoriety in 2021 after exploiting the ProxyLogon vulnerabilities in Microsoft Exchange Server, affecting over 68,500 servers.
The group’s primary objectives typically involve reconnaissance and data theft, often utilizing zero-day vulnerabilities and specialized hacking tools like the China Chopper web shell to achieve their goals.