State-sponsored Chinese hackers breached U.S. Treasury Secretary Janet Yellen’s computer, accessing thousands of unclassified documents in December, anonymous sources told Bloomberg on Thursday.
The hackers also infiltrated computers belonging to two of Yellen’s lieutenants, Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith, the report said.
The breach is the latest in a series of Chinese-linked hacking incidents targeting federal officials and agencies throughout President Joe Biden’s term.
The Treasury wrote that Yellen “expressed serious concern about malicious cyber activity by [People’s Republic of China] state-sponsored actors and its impact on the bilateral relationship” in a Jan. 6 statement after the secretary met virtually with Chinese Vice Premier He Lifeng.
BIDEN: “If we end up in a war, a real shooting war, with a major power, it’s going to be as a consequence of a cyber breach.” pic.twitter.com/wsCvmMLU1N
— Daily Caller (@DailyCaller) July 27, 2021
The Chinese hackers reportedly breached Yellen’s accounts along with over 400 other computers, accessing staffers’ login credentials and more than 3,000 unclassified files on personal devices. The operatives prioritized files related to sanctions, intelligence and international affairs ahead of President-elect Donald Trump’s inauguration Monday, the outlet reported.
The Treasury alerted lawmakers to the initial breach in a Dec. 30 letter, which said Chinese operatives were able to “access certain unclassified documents.”
“A threat actor had gained access to a key used by the vendor to secure a cloud-based service used to remotely provide technical support for Treasury Departmental Offices end users,” Assistant Secretary for Management at the Treasury Aditi Hardikar wrote.
“With access to the stolen key, the threat actor was able to override the service’s security, remotely access certain Treasury DO user workstations, and access certain unclassified documents maintained by those users.”
The hackers were reportedly able to breach the computers by exploiting BeyondTrust, a third-party software company the Treasury uses. Hardikar said the service has since been “taken offline” and that there is “no evidence indicating the threat actor has continued access to Treasury information.”
The state-sponsored breach is among several throughout Biden’s tenure. The numerous cyberattacks, which intensified in early 2023, targeted telecommunications companies, utility infrastructure and multiple federal agencies, including the State and Commerce Departments.
