U.S. officials on Jan. 10 said that as part of the recent cyberattack on the Treasury Department, Chinese hackers breached an interagency government office that reviews foreign investments for national security risks, according to CNN.
The U.S. officials who briefed CNN said the targeted office, the Committee on Foreign Investment in the U.S. (CFIUS), was granted greater authority in December to review real estate sales near American military bases.
U.S. officials across the government have expressed concern over increased cyberattacks by the Chinese in the last several months, citing China’s longstanding policy of industrial espionage.
The CNN story added that officials are also worried that the People's Republic of China (PRC) or their proxies could use land acquisitions to spy on American bases.
Considering that the breach was part of a broader incursion by the hackers into the Treasury Department's unclassified system, we can only surmise that they might have been lurking in the environment for some time and were only discovered when some information was being exfiltrated, said Agnidipta Sarkar, vice president and CISO Advisory at ColorTokens.
“Unless zero-trust-based cyber defense capabilities are adopted, Salt Typhoon types of attacks will continue to make initial access by finding weaknesses in IT service management capabilities, especially in trusted suppliers who do not fully follow the stringent cyber security control regimes as expected,” said Sarkar. “Authorities should prioritize enhanced identity governance, especially using passwordless multi-factor authentication, micro-segmentation, and software-defined perimeters to enhance their cyber defense posture.”
John Bambenek, president at Bambenek Consulting, said when CISA added the vulnerability used in the Treasury breach, they indicated multiple, unspecified offices.
“Now we know another target,” said Bambenek. “Between the TikTok fight, tariffs, and a renewed focus on China, any organization that has information relevant to the economic interests of China needs to prepare immediately for vigorous cyberattacks by the PRC.”
Casey Ellis, founder at Bugcrowd, said CFIUS makes a lot of sense as a target of the Treasury intrusion.
“With the change of administration, global tensions being as they are, and the Senate, congressional, and intelligence community pushing towards banning and/or labeling a growing number of Chinese technology companies as ‘under military control,’ the CCP is likely trying to get a stronger read on the specific positions the USG is looking to take.”