Source: CNN
The Biden administration on Friday made one final push to expose what officials say is a rampant Chinese cyber-espionage campaign by identifying a company and a person allegedly behind a pair of damaging hacks aimed at senior US officials.
The goal is to “impose real costs” on hackers who “seek to undermine our democratic processes and ultimately our way of life,” as senior US official told CNN. But limiting China’s ability to gather sensitive intelligence from US networks is a decades-long challenge that the Trump administration will now inherit.
Friday’s announcement included Treasury Department sanctions on a Chinese tech company for allegedly playing a key role in a sweeping breach of US telecommunication giants that became public last year. The hackers targeted the phone communications of President-elect Donald Trump, Vice President-elect JD Vance and senior Biden administration officials.
Treasury also sanctioned a Shanghai-based person for allegedly participating in a separate hack of Treasury itself that was disclosed last month. The hackers targeted unclassified information belonging to Treasury Secretary Janet Yellen and her deputy Wally Adeyemo as part of an intelligence-gathering effort, a source familiar with the matter told CNN. They also breached the US government office that reviews foreign investments for national security risks, CNN previously reported.
A Treasury spokesperson declined to comment. Bloomberg News and Politico previously reported that Yellen’s information was targeted.
The sanctions came as Trump said he had a “very good” phone call with Chinese President Xi Jinping on Friday.
“President Xi and I will do everything possible to make the World more peaceful and safe!” Trump wrote on social media.
But Trump’s administration is set to include multiple Cabinet members or other senior staff who have called for tougher measures on China over national security concerns, including incoming national security adviser Rep. Mike Waltz and Sen. Marco Rubio, Trump’s choice for secretary of state.
And the Trump administration faces an early test on whether it will enforce a ban on Chinese-owned social media giant TikTok that the Supreme Court upheld on Friday.
The telecom and Treasury hacks, and their fallout for national security, have roiled Washington.
Federal employees are changing the way they communicate on their phones, moving to more secure methods. Lawmakers are calling for an overhaul of cybersecurity for major telecom providers. And Adeyemo, the outgoing deputy Treasury secretary, has asked Congress to give federal agencies “clear authority” to examine the security practices of contractors that serve the financial system. (The Treasury hack occurred through a software contractor.)
In response to the recent Chinese hacking campaigns, Waltz has called for more offensive action from the US government in cyberspace.
“We’ve got to go on the offensive and impose COSTS on those who are stealing our technology and attacking our infrastructure,” he posted on X last month.
Tensions over cybersecurity have long permeated the US-China relationships, but they have grown more acute in recent months. In conversations with their Chinese counterparts, US diplomats have complained that the scope and scale of the telecom hacks is excessive, CNN previously reported. China has rejected the evidence.
“During his meeting with President Biden in Lima (last) year, President Xi Jinping said that there is no evidence that supports the irrational claim of the so-called cyberattacks from China,” Liu Pengyu, spokesperson for the Chinese Embassy in Washington, DC, previously told CNN.
As for Friday’s sanctions, some cybersecurity experts said they were a necessary but insufficient step in trying to frustrate China’s hacking activity.
“Unfortunately, the actors behind these attacks are unlikely to be entirely deterred by these actions, but it’s important to shed a light on their operations and add as much friction as possible,” said John Hultquist, chief analyst at Mandiant, a Google-owned cybersecurity firm.