Chinese hackers access Yellen’s computer in US Treasury breach

WASHINGTON – US Treasury Secretary Janet Yellen’s computer was infiltrated, and unclassified files were accessed as part of a broader breach of the agency by Chinese state-sponsored hackers, according to two people familiar with the matter.

The attackers also hacked the computers of two of Dr Yellen’s lieutenants, deputy secretary Wally Adeyemo and acting under-secretary Brad Smith, according to the people who asked not to be identified.

Fewer than 50 files on Dr Yellen’s machine were accessed, one of the people said.

The Treasury breach is the latest hack attributed to the Chinese government that has reached the top ranks of a US federal department.

The attackers appeared to focus on Treasury’s role in sanctions, intelligence and international affairs, but did not penetrate the e-mail or classified systems, according to a Treasury report previously reviewed by Bloomberg News. 

Treasury staff were at Capitol Hill on Jan 15 and 16 briefing congressional aides and lawmakers about the hack.

The discussions occurred as the Senate Finance Committee held a confirmation hearing on Jan 16 for Mr Scott Bessent, President-elect Donald Trump’s nominee as Treasury secretary.

The Chinese operatives breached the top Treasury officials’ computers along with more than 400 laptop and desktop machines, accessing employee usernames and passwords as well as more than 3,000 files on unclassified personal devices, the report states.

The intruders also accessed “law enforcement sensitive” data and material on investigations run by the Committee on Foreign Investment in the US, which reviews the national security implications of some foreign financing, according to the Treasury report. 

Software contractor BeyondTrust on Dec 8 notified Treasury that hackers exploited the company’s networks to infiltrate the government department.

Treasury alerted the Cybersecurity and Infrastructure Security Agency and sought help from the FBI and other intelligence agencies. 

Politico earlier reported that the hackers accessed a small number of unclassified files belonging to Dr Yellen, Mr Adeyemo and Mr Smith.

Investigators attributed the hack to a Chinese state-sponsored actor known among cyber security professionals as Silk Typhoon and UNC5221, according to the report.

They found that the hackers prioritised the collection of documents and operated outside normal working hours to avoid detection, according to the report.

Chinese officials have long denied US allegations of state-sponsored cyber attacks. A Foreign Ministry spokesperson in December called the claims that the government was behind the Treasury hack “unwarranted and groundless”.

China was also accused in 2023 of breaking into the e-mail accounts of key government officials, including Commerce Secretary Gina Raimondo and, according to the Wall Street Journal, US ambassador to China Nicholas Burns. BLOOMBERG