Tom’s Hardware
Kunal Khullar

Significant U.S. Treasury cybersecurity breach is the latest in string of China hack attacks, claim U.S. officials

US Capitol Building.

In a significant cybersecurity breach, the U.S. Department of the Treasury has reported unauthorized access to its systems, with officials attributing the intrusion to hackers linked to the Chinese government. The attackers reportedly accessed employee workstations and unclassified documents, marking what the department describes as a "major incident."

According to a BBC report, the cyberattacks targeted high-profile individuals, including President-elect Donald Trump and Vice-President-elect JD Vance, while also breaching a law enforcement wiretap database, potentially exposing surveillance on foreign spies. The report also notes that millions of Americans may have had their data compromised in attacks on telecommunications companies.

This breach is the latest in a series of cyber-attacks targeting U.S. entities, including major telecommunications companies and government agencies. In late October, both major U.S. presidential campaigns were targeted by actors affiliated with the People's Republic of China, according to statements from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). Additionally, in September, reports surfaced of operations breaching security at top telecommunications firms, with at least nine companies, including AT&T and Verizon, being compromised.

Earlier in the year, in March, seven Chinese nationals were charged with running a hacking operation that lasted at least 14 years, targeting foreign critics of China, businesses, and politicians. These operations have also extended to other Western targets, including the UK's Electoral Commission and the parliaments of the UK and New Zealand.

The hacking groups involved are identified by various codenames assigned by security firms. The group behind the telecoms hack is commonly known as "Salt Typhoon," a designation by Microsoft researchers; other firms have referred to it as "Famous Sparrow," "Ghost Emperor," and "Earth Estrie." Another group, "Volt Typhoon," has been accused of infiltrating critical infrastructure organizations with the potential intent of conducting disruption attacks. The seven Chinese citizens charged earlier were linked by U.S. Justice Department officials to an operation known as "Zirconium" or "Judgment Panda," which also targeted UK parliamentarians' emails in 2021, according to the UK's National Cyber Security Centre.

Just two weeks ago, the U.S. government initiated a national security investigation into TP-Link, the leading Chinese router manufacturer whose devices dominate approximately 65% of the U.S. home and small business router market. This scrutiny arose from concerns that TP-Link routers have been exploited in cyberattacks linked to Chinese state-backed actors, targeting both public and private sectors, including Department of Defense contractors.

The Chinese government has consistently denied involvement in these cyber-attacks. However, the frequency and scope of these incidents have heightened tensions between China and Western nations, prompting calls for enhanced cybersecurity measures and international cooperation to address the growing threat of state-sponsored cyber espionage. As investigations continue, U.S. officials are assessing the full extent of the breaches and implementing measures to bolster the security of critical infrastructure and governmental systems.
