Chinese hackers breach US Treasury systems, access Janet Yellen’s computer and sensitive files

The hackers reportedly breached more than 400 computers and 3,000 files on personal devices

January 17, 2025

Chinese hackers breach US Treasury Secretary Janet Yellen’s computer

In a significant cybersecurity breach, Chinese hackers reportedly infiltrated the computer systems of US Treasury Secretary Janet Yellen, along with those of Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. According to a Bloomberg report, the breach occurred in December and compromised at least 50 files from Yellen’s system, along with thousands more across the Treasury Department.

Extent of the breach

The hackers targeted over 400 devices within the Treasury Department, gaining unauthorized access to more than 3,000 files. Among the stolen data were sensitive documents related to the Committee on Foreign Investment in the United States (CFIUS), which assesses the national security implications of foreign investments.

Exploited software vulnerability

The breach was traced to a vulnerability in software provided by BeyondTrust Corporation, a third-party cybersecurity service provider. The flaw, identified and disclosed by BeyondTrust on December 8, allowed hackers to exploit Treasury Department systems. Following the incident, the Treasury Department alerted the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other intelligence agencies, and briefed Congress on the scope and impact of the attack.

Link to Chinese state actors

Investigations by US agencies have attributed the attack to Chinese government-backed hackers. Evidence suggests the operation focused on data collection and occurred after business hours to avoid detection. The US Treasury Department has described the breach as a serious incident, underlining its impact on national security and Treasury operations.

Response and denial

Chinese Foreign Ministry spokesperson Mao Ning denied the allegations, reiterating China’s opposition to all forms of cyberattacks. Despite the denial, the incident has heightened concerns about vulnerabilities in critical US systems and the increasing sophistication of state-sponsored cyber operations.

Previous treasury breaches

This breach follows a similar cybersecurity incident in December 2022, where Chinese hackers accessed unclassified documents and workstations within the Treasury Department through another compromised third-party software provider. While officials reported no evidence of ongoing unauthorized access, the repeated attacks emphasize the need for strengthened cybersecurity measures.

The incident underscores the challenges posed by state-sponsored cyberattacks and the critical importance of securing sensitive governmental systems against future threats.

For all the latest updates, download PGurus App.