Earlier this week, the U.S. Treasury Department alerted lawmakers that a China-state-sponsored actor had breached Treasury workstations in an apparent hack.
Treasury officials, who characterized the cyberattack as a “major incident,” according to a letter reviewed by CNN, said they were informed of the hack by a third-party software service provider on December 8. A threat actor reportedly used a stolen key to help remotely access Treasury workstations and unclassified documents.
In early December, The Dallas Express reported that a group known as “Salt Typhoon,” based in China, infiltrated no less than eight major U.S. telecommunications firms, stealing large amounts of cellphone data. Attacks on companies like Dallas-based AT&T have exposed sensitive information, including government wiretappings.
A report from 2024 revealed that Beijing was employing private companies alongside state actors to find ways to leverage technology to assist with spying and malware attacks. In one prior instance, Chinese-sponsored hackers reportedly invaded Microsoft networks in Guam. At first, it was thought the attack only impacted telecommunications. Later, it was revealed that electricity, water, and fuel operations were also susceptible to disruption.
Eduardo Contreras, the CEO of a cybersecurity firm, said the prospect of growing digital infrastructure attacks originating from China should be treated as a significant threat, even for small businesses in Texas.
“I cannot emphasize enough how much the constant barrage of malware and cyberattack attempts originating from China and America’s other global adversaries impacts the small businesses we serve in Central Texas and beyond,” Contreras wrote in an opinion piece published in The Dallas Express in 2023.
Mao Ning, a spokesperson for China’s foreign ministry, denies the country was involved in the latest incident at the U.S. Treasury.
“We have repeatedly stated our position on such groundless accusations lacking evidence. China has always opposed all forms of cyberattacks, and we are even more opposed to spreading false information about China for political purposes,” Mao said at a December 31 news briefing, per CNN.
It is unclear whether the Treasury has fully identified the extent of the recent attack.