Hackers linked to China accessed more than 400 computers at the U.S. Treasury.

The U.S. Department of the Treasury communicated in a letter in December that it suffered a security breach, pointing to a "state-sponsored Advanced Persistent Threat actor linked to China." Recent reports have revealed more detailed information about the extent of this cyberattack.

A group of hackers managed to access more than 400 computers, both laptops and desktops, many of which were linked to high-level leaders involved in "sanctions, international affairs, and intelligence." The attackers also obtained usernames and passwords of employees, as well as over 3,000 files from unclassified personal computers. These documents included travel data, organizational charts, materials on sanctions, and metrics on foreign investment.

A report from the agency indicates that the perpetrators likely stole much of this information, although they did not manage to penetrate the Treasury's email systems or classified networks. However, they did access information related to investigations carried out by the Committee on Foreign Investment, which examines the security implications of real estate purchases and foreign investments in the U.S.

It is also highlighted that there is no evidence suggesting that the hackers attempted to infiltrate the Treasury's systems with the goal of collecting long-term intelligence, nor did they leave any malware. The intrusion has been attributed to a state-sponsored hacking group known as Silk Typhoon, Halfnium, or UNC5221. There is a possibility that they conducted the attack outside of regular working hours to avoid detection. Last month, a spokesperson for China’s Foreign Ministry described the accusation that the attack was state-sponsored as "unjustified and unfounded."

Counterintelligence officials continue with a "comprehensive damage assessment," while Treasury employees are scheduled to brief the Senate Committee on Banking, Housing, and Urban Affairs on the matter this week.