(Bloomberg) — Chinese state-sponsored hackers who breached the US Treasury Department got into more than 400 laptop and desktop computers, taking particular interest in the machines of staff and senior leaders focused on sanctions, international affairs and intelligence, according to an agency report reviewed by Bloomberg News.
The hackers accessed employee usernames and passwords, as well as more than 3,000 files on unclassified personal computers, the report said. That included policy and travel documents, organizational charts, material on sanctions and foreign investment, and “Law Enforcement Sensitive” data. The perpetrators likely stole material but appear not to have gotten into Treasury’s classified or email systems, according to the findings.
The hackers also got access to material on investigations run by the Committee on Foreign Investment in the United States, which reviews the national security implications of some real estate purchases and foreign investments in the US.
The report, which is dated Wednesday and addressed to members of Congress, offers the fullest picture to date of what US officials say was a foreign rival’s intrusion into an agency central to managing the national debt, issuing sanctions and shaping US economic policy.
There’s no evidence that the hackers tried to lurk in Treasury’s systems for longer-term intelligence gathering, the report states, adding that there was no evidence of malware on the compromised devices.
Treasury spokesperson Chris Hayden declined to comment Wednesday. FBI representatives didn’t immediately respond to a request for comment.
On Dec. 8, software contractor BeyondTrust Corp. notified the Treasury that the department had been breached through a hack of the company’s networks. The department reported the breach to the Cybersecurity and Infrastructure Security Agency within an hour of confirming it, the report states, and later sought help from the FBI, intelligence agencies and other incident response groups.
Investigators attributed the hack to a Chinese state-sponsored actor known among cybersecurity professionals as Silk Typhoon and UNC5221, according to the report. They found that the hackers prioritized the collection of documents and operated outside of normal working hours to avoid detection, the report said.