China Hacks US Treasury Department and More

In December 2024, a cybersecurity audit at a major US telecom firm exposed a hidden breach. Engineers found evidence of a covert intrusion linked to Salt Typhoon, a Chinese hacking group. For months, the hackers accessed private communications, including messages from senior US government officials. This discovery highlighted the scale of Chinese cyber operations and raised alarms in Washington¹.

The cyber competition between the United States and China has grown more intense. A series of recent incidents shows the rising tensions. Increased scrutiny, legal actions, and stronger regulations reflect the seriousness of the situation.

Salt Typhoon's Persistent Activities

US sanctions have not stopped Salt Typhoon from targeting global telecom firms. Between December 2024 and January 2025, the group breached five telecom companies. One target included a US-based affiliate of a UK provider². These attacks reveal the group's advanced methods and the challenge of stopping state-backed cyber threats.

Breach of the US Treasury Department

In December 2024, Chinese hackers infiltrated the US Treasury Department. They exploited weaknesses in a third-party cybersecurity provider. This breach gave them access to key documents about department leadership³. The incident raised concerns about the safety of government data.

Indictments and Sanctions

On March 5, 2025, the US Department of Justice indicted 12 Chinese nationals and one Chinese company for cyber crimes. Two individuals, Zhou Shuai and Yin Kecheng, faced sanctions for their roles in the Treasury breach. Both are members of the Silk Typhoon hacking group, which has carried out many cyber-espionage campaigns⁴.

Targeting US Critical Infrastructure

Since at least 2013, Chinese hackers have targeted US critical infrastructure. These attacks aim to strengthen China's defense industry⁵. Energy, transportation, and telecom systems remain key targets. Such breaches pose serious threats to national security.

Telecommunications Sector Under Siege

Chinese hackers, including Salt Typhoon, have infiltrated major US telecom firms like AT&T and Verizon. These breaches allow access to private communications, including those of senior US officials⁶. This activity raises concerns about data privacy and national security.

Committee on Foreign Investment Breach

Chinese hackers also breached the Committee on Foreign Investment in the United States (CFIUS). This office reviews foreign investments for national security risks. The breach reflects China's interest in tracking US efforts to block Chinese investments⁷.

Lawful Intercept Systems Compromise

Salt Typhoon also accessed America's "lawful intercept" systems. Law enforcement uses these systems for surveillance⁸. This breach threatens the security of investigations and exposes sensitive law enforcement data.

Strengthening Regulatory Measures

The US has increased regulations to address rising cyber threats. New frameworks aim to protect data and limit risks from cross-border data flows. These efforts also target Chinese software operations in the US to reduce potential vulnerabilities⁹.

Conclusion

The US-China cyber competition involves ongoing cyberattacks, legal actions, and new regulations. Groups like Salt Typhoon and Silk Typhoon continue to threaten key sectors. As both countries expand their cyber capabilities, further escalations remain likely.

¹ Salt Typhoon telecom breach, December 2024 audit report.² US-based affiliate breach, cybersecurity findings, January 2025.³ Treasury Department hack, third-party provider investigation, December 2024.⁴ DOJ indictment of Chinese nationals, March 5, 2025.⁵ Critical infrastructure targeting report, 2013-present analysis.⁶ Telecom sector infiltration, AT&T and Verizon breach reports.⁷ CFIUS breach investigation, 2025.⁸ Lawful intercept compromise, Salt Typhoon activities, 2025.⁹ US regulatory framework update, cross-border data measures, 2025.