All About String Of Cybersecurity Breaches In US That Were Blamed On China

The United States recently said that hackers, linked to the Chinese government, breached the US Treasury Department’s computer security guardrails in early December and stole unclassified documents. In a letter notifying the incident to lawmakers, the US Treasury Department called the infiltration a “major incident” and said the hackers compromised third-party cybersecurity service provider BeyondTrust and were able to access employee workstations.

The incident adds to a series of security breaches at telecommunications companies and government agencies in the US and other Western countries in 2024. 

What All Was Hacked?

According to the Treasury Department’s letter, in the latest attack, hackers “gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices (DO) end users.”

“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users,” it added.

This followed news in late October that hackers targeted phones used by Donald Trump and his running mate JD Vance. People working for Vice-President Kamala Harris’s campaign were also targeted.

The FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) said “unauthorized access to commercial telecommunications infrastructure” was carried out by “actors affiliated with the People’s Republic of China”.

These hacks seem to have been aimed at collecting data related to powerful individuals that could benefit the Chinese government.

The hackers have reportedly also accessed a database of phone numbers subject to law enforcement wiretaps, the knowledge which, experts believe could be used to discover which foreign spies are under surveillance.

Recently, America’s two of the largest telecom companies– AT&T and Verizon– also acknowledged they were targeted by the Chinese-linked Salt Typhoon cyberespionage operation. According to the White House, seven other top telecommunications firms were also targeted by hackers.

The data of millions of Americans could have been compromised in attacks on these telecom companies.

According to a report by BBC, operations linked by Western governments to China have also targeted the UK’s Electoral Commission, and the UK and New Zealand parliaments.

About The Hackers?

While full details about the hackers are yet to be revealed, the US authorities believe these security breaches are being orchestrated by different units linked to the Chinese state. Security firms have reportedly nicknamed these hacking groups. 

For instance, the group behind the telecoms hack is most commonly known as Salt Typhoon, the name given to it by researchers at Microsoft. Other firms have reportedly dubbed it Famous Sparrow, Ghost Emperor and Earth Estrie, according to the BBC report.

Another group, nicknamed Volt Typhoon, has been accused of breaking into critical infrastructure organisations for potential disruption attacks.

Earlier in 2024, the US charged seven Chinese citizens for hacking. The US Justice Department officials linked them to an operation known as Zirconium or Judgment Panda. According to The UK’s National Cyber Security Centre, the same operation targeted UK parliamentarians’ emails in 2021.

FBI Director Christopher Wray recently dubbed Salt Typhoon’s hack of telecoms companies as China’s “most significant cyber-espionage campaign in history”. He previously said China’s hacking programme was bigger “than [that of] every other major nation combined”.

China’s Response

China has, meanwhile denied its involvement in the incident. China’s foreign ministry spokeswoman Mao Ning claimed the allegations made by the US were “baseless” and “lacking evidence”, according to news agency Agency France-Presse. 

“China consistently opposes all forms of hacking and firmly rejects the dissemination of false information targeting China for political purposes,” Mao said.

Chinese Embassy spokesman Liu Pengyu also dismissed the accusations and called them an effort to “smear” China’s reputation.

“The U.S. needs to stop using cybersecurity to smear and slander China, and stop spreading all kinds of disinformation about the so-called Chinese hacking threats,” he said in a statement.