The United States blaming China for yet another major cyberattack? It’s almost not news anymore. Still, last week’s report that Washington is accusing Beijing of breaching the Treasury shows that the cyberwarfare between the two countries is as intense as ever.
Last week, the US Treasury said that China-linked hackers compromised the department’s networks earlier in December and gained access to the laptops of some senior officials.
Although the Cybersecurity and Infrastructure Security Agency later said other federal agencies were spared in the breach, the Treasury still called the alleged state-sponsored cyberattack a “major incident.”
That’s because documents were still stolen, and the attackers indeed chose important targets – as per The Washington Post, they concentrated on the Office of Foreign Assets Control (OFAC), responsible for sanctions, the Office of the Treasury Secretary Janet Yellen, and the Treasury’s Office of Financial Research.
China has denied the allegations and called them “groundless,” and we’ll have to wait for more insights from the Treasury as the investigation is ongoing.
What were they looking for?
There’s probably no big rush. The accessed documents weren’t classified, the attackers most likely don’t have access to Treasury systems, and both sides seem to be trying to contain the fallout, at least in public.
According to the Treasury, Yellen “expressed serious concern” about the incident during a high-level virtual meeting with Chinese Vice Premier He Lifeng on Monday. But the release quite respectfully calls the conversation “candid, in-depth, and constructive.”
Still, the Treasury indeed maintains some of the most highly sensitive information on US persons throughout the government, including tax information, business beneficial ownership, and suspicious activity reports.
Specifically, targeting the OFAC – which, again, enforces trade and economic sanctions programs – could be linked to China attempting to find out what Chinese individuals and organizations the US might consider sanctioning.
Yellen herself underscored to her Chinese counterpart the “significant consequences” that companies, including those in China, would face if they provided material support for Russia’s war against Ukraine. And Donald Trump, the incoming US president, loves tariffs.
Besides, it’s not the first time in recent months the US has blamed Chinese state-sponsored threat actors for major breaches.
Almost a year ago, American authorities said they had dismantled a China-sponsored hacker network called Volt Typhoon that had targeted critical infrastructure inside the US and gained the ability to shut down US ports, power grids, and other targets almost at will.
Next, a Chinese threat actor labeled Salt Typhoon breached several internet service providers in the US and was able to access data from over a million users, even picking up audio from senior government officials.
Beijing has also accused Washington of hacking its critical cyber infrastructure recently and said the US was “choking the internet.” Clearly, the cyberwar between the two largest economies in the world is escalating.
Skilled and stealthy cyber soldiers
“This [Treasury] breach sharpens tensions between the US and China, reflecting a broader trend where cyber operations blur the lines between espionage and aggression,” Andrew Borene, executive director of global security at threat intelligence firm Flashpoint, said.
“Such actions complicate international diplomacy and risk escalation,” added Borene, who used to work in the US Office of the Director of National Intelligence.
To him, the scope of alleged Chinese state-sponsored hacking attacks seems very ambitious.
“The breach hits home just how comprehensive and multi-pronged the Chinese effort to infiltrate American infrastructure has become in particular, coming to light alongside pervasive espionage using US telecom services,” said Borene.
Numerous sources told The Wall Street Journal (WSJ), the outlet that first broke the story about the telecom hack, that Beijing is playing a long game. In fact, the same daily recently quoted US officials who directly said that the Chinese hackers now have to be considered “military weapons.”
China’s keyboard warriors, officials say, “once seen as the cyber equivalent of noisy, drunken burglars,” have graduated into astonishingly skilled and stealthy cyber soldiers, building leverage inside US computer networks in case open conflict between the countries breaks out, say, over Taiwan.
According to the WSJ, some US national security officials believe the telecom hack is so serious and the networks so compromised that Washington might never be able to conclude that the uninvited guests from China have actually been forced to leave.
A lot is playing out behind the scenes, of course – there’s, for example, an unwritten rule that espionage against other states is permissible as long as the ripple effects aren’t too disruptive.
But, clearly, the cyberattacks are disruptive by nature – and serious enough for the US to decide to go public and openly attribute the Treasury hack and others to a Chinese state-sponsored operation.
Washington, or at least the outgoing Joe Biden administration, could be sending quite an urgent signal that cyber diplomacy is by now a necessity. Some sort of treaty on responsible behavior in cyberspace would come in handy, for instance.
On the other hand, Trump’s America could play the TikTok ban or trade tariffs cards – be that as it may, the world needs the two powers to have a serious conversation about the dangers ahead.