US Treasury Secretary Janet Yellen’s computer was compromised in a cyber-espionage campaign linked to Chinese state-sponsored hackers, according to individuals familiar with the breach. Alongside Yellen, Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith were also targeted in this sophisticated attack. The hackers accessed fewer than 50 unclassified files from Yellen’s device but also infiltrated a larger network of Treasury computers.
The breach, attributed to a group known as Silk Typhoon or UNC5221, highlights the ongoing vulnerabilities in US government agencies. The attackers focused on the Treasury’s involvement in sanctions, intelligence, and international financial policies. While email and classified systems remained untouched, the intrusion extended to over 400 laptops and desktops, exposing usernames, passwords, and thousands of unclassified files, including “law enforcement sensitive” materials.
Breach Discovery and Response
The attack was first identified on December 8, 2024, when software contractor BeyondTrust Corp. reported that hackers had exploited their networks to infiltrate the Treasury Department. The department promptly involved the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and other intelligence agencies to investigate.
A Treasury report, reviewed by Bloomberg News, revealed that the hackers operated during non-business hours to evade detection. They also targeted sensitive information related to the Committee on Foreign Investment in the US (CFIUS), an entity responsible for evaluating the national security risks of foreign investments.
Congressional Briefings and Fallout
Treasury officials briefed lawmakers and congressional aides about the breach earlier this week, coinciding with a Senate Finance Committee hearing for Scott Bessent, President-elect Donald Trump’s nominee for Treasury Secretary. This high-level cyberattack underscores the rising threat of state-sponsored hacking campaigns aimed at critical US departments.
Ongoing Tensions with China
The Chinese government has consistently denied involvement in cyberattacks. A Foreign Ministry spokesperson recently dismissed allegations about the Treasury breach as “unwarranted and groundless.” However, this is not the first time Beijing has been implicated in similar incidents. In 2023, Chinese hackers were accused of compromising the email accounts of high-ranking officials, including Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns.
The growing sophistication and persistence of such campaigns call for enhanced cybersecurity measures to protect sensitive government data.
