US Treasury Cyber Breach: Chinese Hackers Exploit Vulnerabilities to Access Top Officials’ Computers

Jan 17, 2025

Overview

In December 2024, Chinese state-sponsored hackers infiltrated the U.S. Treasury Department's systems, gaining unauthorized access to the computers of top officials, including Secretary Janet Yellen. This breach, deemed a "major incident" by Treasury officials, compromised over 3,000 unclassified files across 419 workstations.

Details of the Breach

US Treasury Cyber Breach: Chinese Hackers Exploit Vulnerabilities to Access Top Officials’ Computers Summary

The cyberattack was facilitated through a vulnerability in a third-party vendor, BeyondTrust, which provides cybersecurity services to the Treasury Department. The attackers exploited a stolen API key and two zero-day vulnerabilities—CVE-2024-12356 and CVE-2024-12686—to bypass security measures and gain privileged access to Treasury systems. BeyondTrust detected anomalous activity on December 2, confirmed the breach by December 5, and notified the Treasury Department on December 8.

Impact on Treasury Officials

The hackers accessed unclassified files on the computers of Secretary Janet Yellen, Deputy Secretary Wally Adeyemo, and Acting Under Secretary Brad Smith. Specifically, fewer than 50 files were accessed on Yellen's machine. The compromised data included sensitive information related to sanctions enforcement and international financial affairs.

Response and Mitigation

Upon discovery, the compromised BeyondTrust service was promptly taken offline. The Treasury Department has been collaborating with the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and external forensic experts to assess the full impact of the intrusion. Officials have stated that there is no evidence of ongoing access by the hackers following mitigation efforts.

International Reactions

In response to the breach, Treasury Secretary Janet Yellen raised serious concerns about "malicious cyber activity" by Chinese state-sponsored actors during a virtual meeting with Chinese Vice Premier He Lifeng. The Chinese government has denied any involvement in the attack, with a spokesperson for China's Ministry of Foreign Affairs dismissing the allegations as baseless and politically motivated.

Conclusion

This incident underscores the persistent threat posed by advanced persistent threat (APT) actors linked to nation-states and highlights vulnerabilities in third-party software services used by government agencies. The Treasury Department has emphasized its commitment to strengthening its cyber defenses and reevaluating its reliance on external cybersecurity providers like BeyondTrust.

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.

Latest News

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants
2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

2025's Largest Supply Chain Hack: Oracle Cloud Breach Exposes 6M Records Across 140K+ Tenants

Mar 27, 2025

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted
Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Elon Musk Claims X Hit by Massive Cyberattack from 'Ukraine Area' – Platform Disrupted

Mar 12, 2025

Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist
Bybit Suffers Historic $1.5 Billion Ethereum Heist

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Bybit Crypto Exchange Hit by $1.5 Billion Ethereum Hack – Largest Digital Heist in History

Feb 25, 2025

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals
Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Harley-Davidson Data Breach: Over 66,700 Customer Records Exposed by Cybercriminals

Feb 12, 2025

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations
Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Cybercriminal Claims to Have Stolen Waze User Data, Including GPS Locations

Feb 12, 2025

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)
Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)
Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)
Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Alkem Labs Loses ₹22 Crore in Cyber Fraud: A Case of Business Email Compromise (BEC)

Feb 11, 2025

Get updates in your inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Get updates in your

inbox directly

You are now subscribed.

Get updates in your inbox directly

You are now subscribed.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.

Enable your employees as first line of defense and expand your digital footprints without any fear.