Chinese cyber-surveillance campaigns against the United States appear to be on the rise, with reports indicating that Chinese hackers have now breached a key office within the US Treasury—the Committee on Foreign Investment in the United States (CFIUS). This hack is particularly significant because CFIUS is a government agency responsible for reviewing foreign investments to assess potential national security risks. The development was reported by CNN, citing three US officials aware of the matter.

The breach was not the sole incident but is said to be part of a larger-scale hacking operation targeting the US Treasury Department’s unclassified system. In fact, earlier, the US Treasury Department officially confirmed that it had suffered a significant cybersecurity breach in November 2024. The department also revealed that Chinese state-sponsored hackers had remotely accessed sensitive workstations and unclassified documents. They targeted a third-party service provider, BeyondTrust, which manages remote technical support services for government agencies.

The hackers not only breached the US Treasury Department but also specifically targeted its sanctions office. This office is responsible for enforcing economic sanctions. Interestingly, the office reportedly imposed sanctions on a Chinese firm just last week, which could potentially explain the motive behind this specific breach.

At a time when US-China tensions are rising, these Chinese hackers seem to be attempting to gain access to US government departments. They have now even targeted CFIUS, which holds the power to block Chinese investments in the United States. The reports suggest that in the past month, CFIUS assigned tasks to scrutinize real estate sales near US military bases. This means the hackers may have gained access to highly sensitive data.

While there is no evidence that classified information was compromised, officials are still said to be carefully examining the specific documents accessed by the hackers. This will help them understand the full scope of the breach and assess how the stolen information (if any) might impact national security.

Importantly, the U.S. Treasury Department is not the only target on the Chinese hackers’ list. Last year, in October, major U.S. telecom companies – including AT&T, Verizon, and Lumen – were targeted in a China-linked cyberattack. A highly skilled hacking group known as ‘Salt Typhoon’ was behind the cyberattack. Notably, the Salt Typhoon group is believed to be affiliated with China’s Ministry of State Security.

A series of cyberattacks in the U.S. have been linked to various Chinese hacking groups, including ‘Salt Typhoon,’ which breached the networks of at least nine U.S. telecom companies, and ‘Storm-0558,’ which accessed email accounts at around 25 organizations and government agencies. Another group – ‘MirrorFace’ – has been linked to multiple attacks on security and tech data.