In a bold cyber intrusion discovered last December, Chinese state-sponsored hackers gained access to U.S. Treasury Secretary Janet Yellen's computer and those of two senior deputies, according to Bloomberg News reports.
The breach, which Treasury officials labeled a "major incident," compromised fewer than 50 files on Yellen's machine. The hackers also infiltrated computers belonging to Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith.
The attackers specifically targeted information related to Treasury's work on sanctions, intelligence, and international affairs. While they accessed unclassified files on over 400 computers and 3,000 files on personal devices, the hackers did not breach classified systems or email communications.
The intrusion occurred through a security vulnerability in software provided by BeyondTrust Corp., a third-party cybersecurity vendor. Upon discovering the breach on December 8th, BeyondTrust alerted Treasury officials, who then notified the FBI, Cybersecurity and Infrastructure Security Agency, and other intelligence organizations.
Investigators identified the perpetrators as a Chinese government-backed group that deliberately operated outside business hours to avoid detection while collecting documents. The hackers also accessed data concerning the Committee on Foreign Investment in the United States, which evaluates security risks of foreign investments.
When asked about the incident, Chinese foreign ministry spokesperson Mao Ning stated that "China has always opposed all forms of hacker attacks."
This breach represents one of the highest-level compromises attributed to Chinese state actors within a U.S. federal department. Treasury officials have since briefed congressional lawmakers and staff about the incident.