Chinese hackers have infiltrated the information systems of the Committee on Foreign Investment in the United States (CFIUS), an entity responsible for assessing foreign transactions with implications for national security. This breach forms part of a broader cyberattack on the systems of the Department of the Treasury, according to three U.S. officials.
The attack targeted data linked to CFIUS’s authority to review transactions, including the sale of properties near military installations. Such incidents raise concerns that Chinese entities might leverage this information for espionage purposes.
The breach also impacted a division of the Treasury Department responsible for sanctions, including recent measures against a Chinese company implicated in cyberattacks. While the exact nature of the stolen data remains unclear, U.S. officials caution that even unclassified information could pose a threat when aggregated with other data.
The Treasury Department stated that hackers exploited a vulnerability in a third-party provider to gain remote access to several workstations. A department representative confirmed that unauthorized access has since been terminated.
Chinese authorities continue to deny any involvement in cyberattacks. A spokesperson for the Chinese embassy in Washington dismissed the allegations as lacking evidence. Meanwhile, U.S. Treasury Secretary Janet Yellen voiced concerns about the breach during discussions with her Chinese counterpart, noting that such incidents erode trust between the two nations.
Amid escalating tensions between the U.S. and China, the CFIUS breach represents yet another episode in a series of cyber-espionage campaigns, intensifying pressure on the American government. The incoming Trump administration is already preparing stricter measures against China, including initiatives for cyber-offensives.
U.S. officials emphasize that safeguarding systems against cyber threats will be a critical priority given the relentless rise in hacker activity. This underscores the urgent need to enhance cybersecurity measures to protect national interests.
