Last week, it was reported that Chinese cyber attackers penetrated the computer systems of the U.S. Department of Treasury, affecting several employee workstations. Bloomberg has since revealed that the situation was more critical than initially thought. The cyberattack reached the systems of Treasury Secretary Janet Yellen and other high-level personnel.

It was discovered that the hackers accessed documents from Secretary Yellen and several other key officials. The breach compromised over 400 computers and exposed more than 3,000 non-classified documents, which included sensitive data pertaining to sanctions, law enforcement, and international relations. The extent of the compromised data was much larger than what was first disclosed.

The Treasury’s report highlighted that the attackers obtained “law enforcement sensitive” details, particularly involving investigations by the Committee on Foreign Investment in the United States (CFIUS). This cyber assault, linked to a Chinese government-affiliated group, did not compromise classified networks but still posed significant security risks.

According to the report, the cyber intruders accessed less than 50 files on Yellen’s device and also penetrated systems containing information from Deputy Secretary Wally Adeyemo and Acting Under Secretary Brad Smith. The attackers extracted usernames, passwords, and documents associated with CFIUS from non-classified systems. Despite the high-profile nature of the targeted information, the department’s email and classified networks were not affected.

The breach was orchestrated by a group known as Silk Typhoon (UNC5221), which operated during off-hours to avoid detection and exploited flaws in the BeyondTrust software.

The Treasury identified the breach on December 8, immediately following an alert from BeyondTrust about vulnerabilities in their network. The department then notified the Cybersecurity and Infrastructure Security Agency (CISA) and sought support from the FBI and other intelligence agencies. The ongoing investigation seeks to assess the full scope of the damage and to devise strategies to prevent such incidents in the future.

This incident is part of a continuing pattern of cyberattacks by Chinese entities against U.S. government agencies. Prior attacks involved hacking into the email accounts of Commerce Secretary Gina Raimondo and U.S. Ambassador to China Nicholas Burns. China has consistently denied these allegations, dismissing them as unfounded.