Chinese hackers targeted sanctions office in Treasury attack
Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs.
OFAC was created in December 1950, blocking all Chinese and North Korean assets under U.S. jurisdiction after China entered the Korean War.
In a letter sent to Congress this week, the Treasury Department disclosed that Chinese government threat actors hacked its network in what it described as a "major cybersecurity incident" after breaching the BeyondTrust remote support SaaS platform.
According to a Washington Post report, U.S. officials have since revealed that the attackers specifically targeted the agency's OFAC department, likely to collect intelligence on which Chinese individuals and organizations the U.S. might consider sanctioning.
The same officials said the hackers also breached the Treasury's Office of Financial Research and that the full impact of the attack is still being assessed. There is no evidence that the attackers still have access to the agency's systems now that the compromised BeyondTrust instances have been shut down.
Chinese state hackers, known as "Salt Typhoon," have also been linked to recent breaches of nine U.S. telecom firms, including Verizon, AT&T, and Lumen.
The White House's deputy national security adviser for cyber and emerging technologies, Anne Neuberger, told reporters that the same cyber-espionage group is also believed to have breached carriers in dozens of other countries.
After breaching their systems, Salt Typhoon accessed the text messages, voicemails, and phone calls of targeted individuals, as well as wiretap information of those under investigation by U.S. law enforcement.
Since this massive wave of telecom breaches, CISA has urged government officials to switch to end-to-end encrypted messaging apps like Signal to reduce the risk of communication interception.
The U.S. government also reportedly plans to ban China Telecom's last active U.S. operations, while U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecoms from similar hack attempts.