The office conducts investigations into possible victims of sanctions.
In a letter that was sent to lawmakers in December, the United States Treasury Department disclosed that they had experienced a security compromise that resulted in an external entity gaining access to their papers and workstations. It referred to the attack as "a major cybersecurity incident" and stated that it was carried out by a "China state-sponsored Advanced Persistent Threat actor." A "highly sensitive office" within the Treasury Department, which is responsible for deciding and administering sanctions imposed by the United States government, has been penetrated by the bad actors, according to a report by The Washington Post.
According to The Post, the Office of Foreign Assets Control (OFAC) is in possession of a number of significant pieces of information that could prove to be of great assistance to the administration of another nation. Despite the fact that the hackers were only able to take data that was not secret, they nevertheless had the opportunity to obtain the identities of possible sanction targets. In addition to this, it is possible that they stole bits of evidence that the agency had gathered as part of its investigation into organizations that the government is considering punishing. It is possible that the perpetrators of the attack obtained sufficient material to provide them with an understanding of the process by which the United States formulates sanctions against foreign entities.
In addition to the Office of Foreign Assets Control (OFAC), the hack also affected the Office of the Treasury Secretary and the Office of Financial Research among other organizations. BeyondTrust is a cloud-based service that offers the Treasury Department technical support. The attackers gained access to a key that was utilized by BeyondTrust, which allowed them to breach the Treasury Department's networks.
Over the course of several years, the United States government has been able to connect a number of cyberattacks on its agencies and American firms to actors backed by the Chinese government. The Federal Bureau of Investigation (FBI) blamed "PRC-affiliated actors" for a colossal hack on US telecom corporations just one year ago. There have been reports that the actors, who are collectively referred to as Salt Typhoon, targeted the mobile devices of ambassadors, government officials, and other individuals who are connected to both presidential campaigns. Claimants that China was engaged in the attack on the Treasury Department were deemed "groundless" by Chinese officials, as reported by The Post. These officials also stated that their government "has always opposed all forms of hacker attacks."
