Chinese state-backed hackers have breached a U.S. government office that reviews foreign investments for national security risks, CNN reported today.
The Committee on Foreign Investment in the U.S., or CFIUS, is headed by U.S. Treasury Secretary Janet Yellen. It also includes representatives from more than a dozen other government agencies as well as the White House. It’s responsible for scrutinizing foreign investments such as company acquisitions and startup funding rounds.
Last month, CFIUS received greater authority to review real-estate deals in the vicinity of U.S. military bases. There are concerns that such deals could be used by China to spy on those bases, CNN reported.
It’s unclear how the hackers breached CFIUS’ network or what data they may have accessed. According to CNN, there’s no evidence classified documents were compromised. However, officials are reportedly concerned that the hackers could piece together the unclassified data they did access to gain valuable intelligence.
The breach is reportedly part of the same hacking campaign that compromised the U.S. Treasury Department last month.
The hacking campaign used an application programming interface key stolen from BeyondTrust Inc., a provider of software for information technology teams. The company develops tools for managing login credentials. It also offers Remote Support, a cloud service that enables administrators to remotely troubleshoot employee devices.
The hackers used Remote Support and the stolen API key to compromise the workstations of several Treasury employees. The cyberattack reportedly targeted the Office of Foreign Assets Control, or OFAC, which is responsible for enforcing sanctions. It’s believed the breach compromised a number of unclassified documents.
The cyberattack also targeted the Treasury’s Office of Financial Research, or OFR. The office collects financial data for lawmakers, identifies economic risks and performs related tasks. It’s currently unclear what information was stolen from OFR’s systems.
On Wednesday, Bloomberg reported that the Treasury breach was carried out by a Chinese state-backed hacking group tracked as Silk Typhoon. The group focuses primarily on conducting cyberespionage using zero-day software vulnerabilities. It is known to have targeted organizations in the U.S., Australia, Japan and Vietnam.
In 2021, Silk Typhoon launched a high-profile hacking campaign against deployments of Microsoft Corp.’s Exchange Server application. The software is used by numerous organizations to power their on-premises email servers. It’s believed Silk Typhoon compromised more than 68,000 machines.
The 2021 hacking campaign exploited multiple zero-day vulnerabilities. One flaw made it possible to install malicious code on vulnerable Exchange Server systems, while another facilitated server-side request forgery. This is a type of cyberattack in which hackers trick a server into making requests on their behalf, which can expose sensitive data. Microsoft developed a dedicated one-click remediation tool to help customers patch affected systems.
Image: Pixabay