Chinese state-sponsored hackers infiltrated the computer of US Treasury Secretary Janet Yellen in a sophisticated cyber-espionage campaign, according to sources familiar with the incident. The breach also affected two senior Treasury officials, Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. While fewer than 50 unclassified files were accessed on Yellen’s device, the attack compromised a broader network of systems within the Treasury Department.

Scope and Tactics of the Breach

The hacking group, known as Silk Typhoon or UNC5221, exploited vulnerabilities in the Treasury’s systems to target data related to sanctions, intelligence, and international financial policies. Investigators confirmed that more than 400 devices were compromised, giving the attackers access to employee credentials, sensitive unclassified files, and materials involving law enforcement investigations.

According to a Treasury report reviewed by Bloomberg News, the hackers focused on collecting key documents and operated during non-business hours to evade detection. However, the department’s classified systems and email communications remained secure.

Identification and Response

The breach was first detected on December 8, 2024, when software contractor BeyondTrust Corp. alerted Treasury officials about a network intrusion. Treasury immediately involved the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other intelligence bodies to investigate and mitigate the attack.

The report indicated that the hackers accessed files related to the Committee on Foreign Investment in the US (CFIUS), an agency tasked with assessing the national security implications of foreign investments. Such targeting suggests the attackers aimed to gather intelligence on sensitive economic and policy decisions.

Briefings and Escalating Concerns

Treasury staff provided briefings to lawmakers and congressional aides earlier this week, coinciding with a Senate Finance Committee hearing for Scott Bessent, the nominee for Treasury Secretary in President-elect Donald Trump’s administration. The breach has raised alarms about the persistent threat of state-sponsored cyberattacks targeting critical US government departments.

Tensions with China

The Chinese government has denied responsibility for the attack, with a spokesperson from its Foreign Ministry calling the accusations “groundless.” Despite these denials, this breach adds to a growing list of cyber incidents attributed to Beijing. In 2023, Chinese hackers were accused of compromising email accounts belonging to high-ranking US officials, including Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.

This latest incident underscores the urgent need for enhanced cybersecurity measures to safeguard sensitive data within federal agencies. The continued targeting of high-profile government officials demonstrates the growing sophistication and persistence of state-sponsored cyber-espionage campaigns.