- The US Treasury has revealed that its Office of Foreign Investment was hit in a recent cyberattack.
- Office reviews national security risks for investments
- Third-party vendor breach led to access to US Treasury systems
The U.S. department that screens foreign investments for national security risks has emerged as another victim of the cyberattack that targeted the U.S. Treasury Department earlier this month.
The attack was declared a “major incident” after a third-party cybersecurity service provider was compromised, allowing a malicious actor to remotely access key Treasury systems.
The Committee on Foreign Investment in the United States (CFIUS) suffered a data breach as part of the campaign, CNN revealed. The department screens foreign investments for national security risks and recently gained authority to review real estate sales near U.S. military bases, with the ability to block Chinese investments in the United States.
Carefully chosen targets
This news is the latest in a series of developments following the hack of the US Treasury Department, in which hackers were able to gain the access used by the hacked vendor to bypass parts of the Treasury Department’s systems.
The attack has raised serious concerns among U.S. officials, who are reportedly increasingly worried that the Chinese government or its proxies plan to use land acquisitions to spy on U.S. bases.
In the broader context of the Treasury attack, other targets appear to have been chosen with Sino-US relations in mind. For example, the US sanctions office, which last week sanctioned a Chinese company for its alleged role in cyberattacks, has been targeted.
Cyber espionage campaigns launched in recent months against US and Western targets aim not only to steal information and access sensitive data, but also to disrupt critical infrastructure.
In another recent attack, Chinese group Salt Typhoon allegedly hacked 9 major telecommunications companies as part of a broad campaign against US critical infrastructure. Victims included Verizon, AT&T and Lumen Technologies, which had bad actors hiding in their networks for months.