State-sponsored Chinese hackers infiltrated the U.S. Treasury Department in December, specifically targeting the Office of Foreign Assets Control (OFAC). The breach, identified as a major cybersecurity incident, aimed to gain intelligence on potential financial sanctions against Chinese entities.
Inside the Breach of the OFAC
According to reports from The Washington Post, the attackers focused their efforts on the OFAC, the agency responsible for enforcing economic and trade sanctions. Intelligence analysts believe the primary objective was to intercept sensitive information regarding Chinese organizations currently under review for U.S. financial penalties.
Scope of the Cyberattack
Beyond the sanctions office, the state-sponsored actors successfully compromised multiple high-level offices within the Treasury. The breach extended to:
- The Office of the Treasury Secretary
- The Office of Financial Research
- Various employee workstations housing unclassified documentation
Detection and Response
The intrusion was first detected on December 8. The alarm was raised by BeyondTrust, a third-party provider of identity management software, which alerted the Treasury to the suspicious activity. While the Treasury has officially categorized the event as a “major cybersecurity incident,” the department has yet to provide further details regarding the full extent of the data exfiltration.
As of this reporting, the U.S. Treasury has not provided a statement addressing specific inquiries regarding the scope of the intelligence loss.
