US Treasury Is Latest Victim of Most ‘Persistent’ Hacking Threat
Jake Bleiberg
4 min read
(Bloomberg) -- A growing roster of political figures, US government agencies and companies that provide critical services have one thing in common: They have allegedly been hacked by China.
The latest victim is the US Treasury Department, which disclosed on Monday that Chinese state-sponsored hackers had breached its network via a third-party provider, accessing some unclassified documents.
While details of the hack remain scant, cybersecurity experts say it confirms what US intelligence officials warned earlier this year, that China is the “most active and persistent cyber threat to US government, private-sector and critical infrastructure networks.”
“The Russians get a lot of attention because of the use of disruptive cyberattacks,” said Adam Segal, director of the Council on Foreign Relations’ Digital and Cyberspace Policy Program, referring to Russia-linked hacks on the largest fuel pipeline in the US and a satellite network in Ukraine. “But the Chinese are the longer-term threat because of their technology and the scope and scale of their operations.”
Chinese officials have long denied US allegations of state-sponsored cyberattacks, and a Chinese Foreign Ministry spokesperson called the claims that it’s behind the Treasury hack “unwarranted and groundless.”
“China opposes all forms of hacking, and in particular, we oppose spreading China-related disinformation motivated by political agenda,” spokeswoman Mao Ning told reporters during a news conference in Beijing.
US officials, however, have been increasingly pointed in their criticism of China’s cyber threats and have vowed further punitive actions.
Just days before the Treasury hack was publicized, a White House official said the US had identified a ninth telecommunications company that was impacted by a vast spying campaign blamed on China. Not all the victims have been publicly identified but AT&T Inc. and Verizon Communications Inc. acknowledged being hit as part of the spying campaign.
The hackers accessed communications belonging to a “limited number” of people in government and politics that included then presidential candidate Donald Trump, his running mate Senator JD Vance and Vice President Kamala Harris’ campaign staff.
China was also accused in 2023 of breaking into the email accounts of key government officials including Commerce Secretary Gina Raimondo and, according to the Wall Street Journal, US Ambassador to China Nicholas Burns.
“It remains one of the most serious problems in this relationship,” Burns said in an interview with Bloomberg News earlier this month, adding that Chinese officials echo their public statements in closed-door meetings. “They deny there’s any Chinese cyber aggression undergoing, and that is absolutely not the case.”
Cui Hongjian, a former Chinese diplomat who teaches at Beijing Foreign Studies University, said hacking accusations between the US and China reflect a lack of mutual trust. “From China’s view, the US is accusing China more and more frequently and deliberately ‘smearing’ China’s image,” he said.
“While both sides attach importance to cybersecurity and see the other as a major threat, cyberattacks are more like a ‘scraping’ accident than a head-on collision in other policy areas, such as Taiwan, so the situation remains manageable,” he said.
Cybersecurity experts disagree on whether the frequency of Chinese hacks has gone up in recent years, or if more are simply being detected and publicly acknowledged.
But many agree that China’s cyber capabilities have vastly improved and that its focus has shifted.
Nearly a decade ago, for instance, Chinese state-sponsored hackers stole personal data on millions of government employees from the US Office of Personnel Management, according to authorities. China was also accused of hacking Equifax, Marriott hotels and the health insurance company Anthem to amass huge troves of data on Americans — information with economic and intelligence value that “can feed China’s development of artificial intelligence tools,” then US Attorney General William Barr said in 2020.
US officials also blamed China for stealing intellectual property from US companies in agriculture, biotech, health care, aviation, robotics and semiconductors, some of it via cyberattacks.
More recently, US officials have warned that Chinese hackers are trying to burrow into networks of companies that service critical parts of the economy, positioning for “disruptive or destructive” cyberattacks in event of a major crisis or conflict with the US.
China’s hacking capacity has been helped by building a talent pipeline running through world-class cybersecurity schools, said Dakota Cary, a consultant focused on China at the cybersecurity firm SentinelOne. “China now has many more hackers than it did a decade ago, allowing the state to carry out more attacks against a wider array of targets,” Cary said.
Segal, of the Council on Foreign Relations, said China’s hackers used to be like a burglar knocking on every door in the neighborhood to see which one is open. These days, he said, they can bypass home security, enter a house and lurk undetected.
“Financial, energy, and water companies will continue to feel the brunt of these attacks as China attempts to exploit vulnerabilities and plant malicious code to be executed at a later date,” said Brian Harrell, the former assistant secretary for infrastructure protection at the US Department of Homeland Security. “Many intrusions have been discovered, but I will guess that most have not.”
--With assistance from Jamie Tarabay and Colum Murphy.
