US Treasury files hacked by China, Biden issues cybersecurity order
Chinese hackers breached the U.S. Treasury Department between September and November 2024, gaining access to more than 3,000 files, including documents from high-ranking Treasury officials, according to testimony provided to lawmakers on Wednesday, Jan. 15. The breach impacted unclassified files, including those belonging to Treasury Secretary Janet Yellen and Deputy Secretary Wally Adeyemo.
Treasury and law enforcement officials told members of Congress that the hack exploited a vulnerability in a third-party product used by the Treasury’s vendor, BeyondTrust.
The company alerted the government to the breach in December 2024. Officials confirmed that 419 Treasury computers were compromised, according to the testimony.
This breach comes amid escalating concerns about cybersecurity, particularly regarding Chinese hacking activities. In response to these growing threats, President Joe Biden issued an executive order on Thursday. Jan. 16, aimed at tightening security standards for companies that do business with the U.S. government.
The new executive order requires software providers who contract with the government to demonstrate the security of their products. This includes stringent security measures for cloud providers and internet-connected devices.
Starting in 2027, the U.S. government will only purchase products that carry the new “U.S. Cyber Trust Mark.” The new label certifies a device’s security.
FBI Director Christopher Wray has warned that China’s cyber capabilities represent “the defining threat of our generation.” In a recent interview with CBS’ “60 Minutes,” Wray described China’s cyber program as the largest in the world, surpassing every other nation combined. He emphasized the risks posed by China’s extensive data theft and its ability to infiltrate critical infrastructure.
As lawmakers and officials continue to address these cybersecurity challenges, the focus is on improving the security of government systems and the products used by contractors. The Biden administration’s efforts to strengthen cybersecurity protocols underscore the increasing urgency of defending against foreign cyber threats.
Chinese-sponsored hackers behind ‘major’ breach: Treasury Department
Investigators accuse China of hacking U.S. Treasury Department computers. And funeral arrangements are set for America’s 39th president, Jimmy Carter. These stories and more highlight your Unbiased updates for Tuesday, Dec. 31, 2024.
Chinese-sponsored hackers are behind ‘major’ breach: Treasury Department
The U.S. Department of Treasury said it’s still working to determine the extent of damage from a data breach it called “a major incident.” In a letter sent to the Senate Committee on Banking, Housing, and Urban Affairs on Monday, Dec. 30, the Treasury Department said a Chinese-sponsored “threat actor” was able to gain access to department employees’ workstations earlier this month and view “unclassified documents” maintained by those workers.
The letter said the hackers gained access through a third-party cybersecurity service called BeyondTrust and overrode certain department security measures. The department stopped using BeyondTrust after the attack.
The Treasury Department is working with the FBI and other members of the U.S. intelligence community to “fully characterize the incident and determine its full impact.” The department said it will provide Congress more information in a supplemental report within 30 days.
China’s ministry of foreign affairs denied any Chinese involvement.
Arrest warrant issued for embattled South Korean President Yoon Suk Yeol
The court recently voted to strip Yoon of his presidential powers. He faces impeachment over his short-lived declaration of martial law.
The court granted the arrest warrant for Yoon on charges of abuse of authority and orchestrating a rebellion. Yoon is wanted for questioning in multiple investigations, including one over accusations of leading an insurrection — a crime punishable by life imprisonment or even the death penalty in South Korea.
President Joe Biden spoke with the nation’s interim president in recent weeks, expressing America’s commitment to democracy there. America has roughly 28,000 troops stationed in South Korea as a deterrent to communist North Korea.
Memorial events scheduled for late President Jimmy Carter
Details are now public about the nation’s plans to pay tribute to the late former President Jimmy Carter, who died Sunday, Dec. 29, at 100 years old. Biden declared Thursday, Jan. 9, a National Day of Mourning. New Year’s Day will begin an eight-day mourning period.
The Carter family will gather in the former president’s hometown of Plains, Georgia, over the next few days.
On Saturday, Jan. 4, the state funeral will be held. It starts at 10:15 a.m. ET with a motorcade from Phoebe Sumter Medical Center in Americus, Georgia, and will travel through Plains, taking a brief pause at 10:50 a.m.
At that stop, the National Park Service will ring the historic bell on the Carter family farm 39 times in honor of the late president. At 10:55 a.m., Carter’s final journey to Atlanta will begin.
At 3 p.m., the motorcade will stop at the Georgia State Capitol for a moment of silence led by Gov. Brian Kemp. It will then go on to its destination, the Carter Presidential Center, for a service at 4 p.m.
Carter will lie in repose from 7 p.m. on Sunday, Jan. 5, until 6 a.m. Tuesday, Jan. 7, for the public to pay respects.
He will then be taken to Washington, D.C., where Congress will pay tribute in a private ceremony. Then Carter will lie in state for the public to pay respects until Thursday, Jan. 9, when Carter will be taken home to Georgia for a private family funeral service and internment. Biden is expected to deliver a eulogy at the funeral.
5 people charged in connection with singer Liam Payne’s death
Five people were charged in connection with the death of former One Direction singer Liam Payne in Argentina, according to the country’s prosecutor’s office. Payne died after falling from a hotel balcony in Buenos Aires in October after police said he consumed “various substances,” including drugs and alcohol.
A friend of Payne, the hotel manager and its head of reception are accused of “negligent homicide” in connection with the singer’s death. If convicted, they face a maximum of five years in prison.
Two other hotel employees were charged with selling Payne drugs. They face up to 15 years in prison.
FAA investigating after Gonzaga Bulldogs’ jet ordered to stop at LAX
The Federal Aviation Administration launched an investigation after a private jet carrying the Gonzaga University men’s basketball team nearly crossed a runway as another flight took off from Los Angeles International Airport on Friday, Dec. 27.
The FAA has launched an investigation after a Delta plane almost hit the Gonzaga’s men’s basketball team’s private jet on Friday. 😳
The jet, operated by Key Lime Air, was ordered by air traffic controllers to stop as a Delta flight took off. No one was hurt. Gonzaga was in Los Angeles for its game against UCLA on Saturday, Dec. 28.
Over 1 million expected to ring in the new year at Times Square
The NYPD said while there have not been any “specific credible threats” to the Times Square celebration, the department has been operating in a heightened threat environment since Oct. 7, 2023, when Hamas attacked Israel.
As for the big celebration, fans braving possible wet weather and the many others watching at home will be able to enjoy musical acts from Carrie Underwood, Blake Shelton and the Jonas Brothers.
New reports indicate that additional undersea cable lines were severed in the Baltic Sea. The reports come on the heels of alleged sabotage of different cables in November 2024.
Finnish authorities said they are investigating more telecommunication line disruptions with a Russian “shadow fleet” reportedly facing a probe related to the Christmas Day outages.
Finland’s prime minister announced on Wednesday, Dec. 25, a “disruption” in the Estlink-2 cable and said the country is looking into the incident.
Officials noted, the disruption would not impact “electricity supplies in Finland” and there is also enough capacity to meet electricity needs in Estonia.
In a separate incident on Wednesday, Finnish telecommunication officials say that they are investigating the disruptions of two submarine cables between Finland and Estonia.
Currently, investigators are unsure what caused the outages and are still trying to determine where the cable lines were disrupted, although Estonian authorities say they believe the disruption is on the Finnish side.
As Straight Arrow News previously reported, European nations have been on high alert ever since two critical communication cables were severed in the Baltic Sea in November 2024.
European officials called it an act of “sabotage” and implicated Russia in the incident.
Danish authorities later detained a Chinese vessel that they say dragged an anchor more than 100 miles as it left a Russian port.
The Chinese ship is believed to be responsible for cutting cables linking Germany and Lithuania and severing another set of cables connecting Germany and Finland.
Investigators are probing whether the crew worked with Russia in what Western countries consider “hybrid warfare.”
European officials said that China is not suspected of the sabotage but are investigating whether Russia worked with the crew.
Western allies are also upping security in the region as NATO is expected to deploy new technology to protect underwater cables next year.
The international alliance announced earlier this month that it will launch sea drones in summer 2025 to monitor global cables in the Baltic and Mediterranean Seas.
Is your Wi-Fi router a national security risk? US government weighs ban
TP-Link is the bestselling Wi-Fi router internationally and on Amazon. Now, the U.S. government is considering banning these devices over cyberattack risks.
According to a Wall Street Journal report, investigators at three agencies, Commerce, Defense and Justice, are looking into these Chinese-made routers.
In October, Microsoft said it was tracking “a network of compromised small office and home office (SOHO) routers” known as CovertNetwork-1658 and said “routers manufactured by TP-Link make up most of this network.”
The network has been used by multiple “Chinese threat actors” to gain access and launch cyberattacks.
This comes more than a year after Microsoft “uncovered stealthy and targeted malicious activity … aimed at critical infrastructure organizations in the United States.”
Microsoft said Volt Typhoon is “a state-sponsored actor based in China that typically focuses on espionage and information gathering.” The company said it “tries to blend into normal network activity by routing traffic through compromised [small office and home office] network equipment, including routers, firewalls and VPN hardware.”
“These small office home office routers were not themselves the intended targets,” FBI Director Christopher Wray testified in January. “The targets, of course, were our critical infrastructure, but what the Chinese were doing were using these easy targets to hide and obfuscate their role in the hacking of our critical infrastructure.”
In August, two lawmakers pressed the Biden administration to investigate TP-Link, calling it a “glaring national security issue.” Along with being in homes across America, the letter noted that TP-Link devices are also on U.S. military bases.
Straight Arrow News reached out to TP-Link to comment on these investigations. The company didn’t immediately respond.
A spokesperson did tell the Journal, “We welcome any opportunities to engage with the U.S. government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing U.S. national security risks.”
The Chinese embassy in Washington said the U.S. is using the guise of national security to suppress Chinese companies, something both sides have accused the other of in an ongoing tech tit-for-tat.
If the U.S. government went forward with banning TP-Link routers, it would be the biggest such move since the Trump administration labeled China’s Huawei and ZTE national security threats and ordered the tech be ripped out of U.S. infrastructure.
Any action against TP-Link would likely fall on Trump’s second term.
TP-Link was founded by two brothers in China in 1996. As tensions between China and the U.S. worsened, in October, TP-Link announced its new global headquarters would be in the United States.
The company said the move is “reinforcing our commitment to the U.S. market and enhancing our ability to innovate and compete on a global scale.”
The comments follow a series of threats and cyberattacks on America’s digital infrastructure in recent months. Waltz said it’s time for the government to finally create an offensive playbook that can counter the growing threat.
The congressman told CBS News that malicious cyber groups can infiltrate the nation’s most private and sensitive data at any time, and that they need to be held accountable.
Waltz said the U.S. needs to “start imposing, I think, higher costs and consequences to private actors and nation-state actors that continue to steal our data, that continue to spy on us.”
Sunday’s interview comes after the White House said a Chinese hacking group dubbed Salt Typhoon breached eight U.S. telecom companies earlier this month. Access to texts and numbers, including data from more than a million Americans, was granted to officials in Beijing.
According to Deputy National Security Adviser Anne Neuberger, hackers dug into communications between top U.S. government officials and political figures, including the presidential campaigns of both Trump and Vice President Kamala Harris.
“We don’t believe any classified communications has been compromised,” Neuberger said, adding that the threat is still out there.
“So there is a risk of ongoing compromises to communications until U.S. companies address the cybersecurity gaps the Chinese are likely to maintain their access,” she said.
Meanwhile, Waltz also discussed the largest cyberattack that impacted America’s oil pipeline. The Colonial Pipeline was hit in 2021, sending the nation into a desperate pursuit to find fuel. The Houston-based company was forced to pay the hackers millions of dollars to restore the system.
Waltz said Trump is on board with changing current policies for cybercriminals while using assets the nation already has at its disposal.
“We’ve got a tremendous private sector with a lot of capability. That relationship between public and private, with our tech industry, they could be doing a lot of good and helping,” Waltz said.
Chinese officials have denied that the country is behind any cyberattacks and threats impacting the United States.
Hackers demand ransom in cyberattack on Rhode Island’s benefits system
Hundreds of thousands of people could be the victims of a major cyberattack in Rhode Island. Officials confirmed the government benefits system was targeted, revealing the private data of anyone who used a state program within the last eight years.
The hackers behind the leak are demanding a ransom, but authorities haven’t confirmed how much money they are asking for.
The cybercrime group gained thousands of social security and bank account numbers, as well as personal data, which investigators said could be released within the coming week.
Breached programs include:
Medicaid
SNAP
Temporary Assistance for Needy Families
The Child Care Assistance Program
Rhode Island Works
Long-term Services and Supports
At HOME Cost Share Program
Health insurance purchased through HealthSource RI
McKee held a press conference on Saturday, Dec. 14, urging the public to proactively protect their information, saying the data could be exposed at any time.
“There are things that can be done right now in advance of when potentially something could happen,” McKee said.
Deloitte, which maintains Rhode Island’s benefits system, said it’s currently in ongoing negotiations with the cybercriminals.
“We know this situation is alarming, and it’s stressful,” McKee said.
The government shut down its RIBridges system and set up a toll-free hotline to help Rhode Islanders protect their information. Those directly impacted will receive a letter in the mail.
Romania’s election called off over accusations of Russian meddling
Romania’s presidential election was called off following accusations that the surprise frontrunner’s social media campaign was influenced by Russia. Far-right independent candidate Calin Georgescu won the first round of voting and rose to popularity by posting his “Romania first” nationalist brand on TikTok.
His account gained more than 530,000 followers and over 5 million “likes” but fueled suspicion that his overnight success was driven by Russian meddling.
In a surprise move, the Romanian government declassified intelligence reports days ahead of the election alleging that Moscow ran an elaborate internet scheme to boost Georgescu’s account.
This comes after the country’s election servers had allegedly been hacked by Russia.
“Romania is a target for aggressive Russian hybrid actions including cyber attacks and information leaks and sabotage,” the Foreign Intelligence Service said.
Like Russian President Vladimir Putin, Georgescu has been a vocal NATO critic, questioning Romania’s membership in the alliance, which ignited fears about NATO’s future in the country.
Now, Romania’s top court says the entire election process must be redone, meaning a second-round run-off that was scheduled for Sunday, Dec. 8, will no longer happen.
Georgescu would have gone head-to-head with his centrist rival Elena Lacsoni.
Trump’s pick for head of FBI target of Iranian-backed cyberattack: US
U.S. intelligence revealed on Tuesday, Dec. 3, that an alleged Iranian-backed cyberattack targeted Kash Patel, President-elect Donald Trump’s pick to head the FBI. The FBI reportedly told Patel the hackers attempted to infiltrate his communications.
Although Trump’s team didn’t specifically respond to the latest suspected cyberattack, Trump transition spokesperson Alex Pfeiffer told CBS News, “Kash Patel was a key part of the first Trump administration’s efforts against the terrorist Iranian regime and will implement President Trump’s policies to protect America from adversaries as the FBI director.”
Trump announced Patel as his pick to lead the FBI on Saturday, Nov. 30. Patel was Trump’s chief of staff to the secretary of defense during Trump’s first term in office.
Patel’s appointment will need to be confirmed by the U.S. Senate when Trump returns to the White House on Jan. 20.
The latest revelation of alleged Iranian meddling in U.S. affairs comes after warnings from U.S. authorities of Iran-based cyber sabotage attempts on Trump’s 2024 presidential campaign.
Americans urged to use encrypted messaging apps after cyberattack: Officials
U.S. officials are recommending Americans use encrypted messaging apps amid a cyberattack on telecommunications companies like AT&T and Verizon. Cybersecurity experts advise you to encrypt your text messages and voice communication, if possible.
Microsoft says the hacking campaign, which they’ve nicknamed “Salt Typhoon,” is one of the biggest intelligence compromises in U.S. history and has not yet been fully stopped.
NBC News said officials on a news call “refused to set a timetable for declaring the country’s telecommunications systems free of interlopers.”
Officials said China is behind the attack in an attempt to spy on Americans. Chinese officials have not addressed the accusations.
“In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China’s intercepting their communications,” NBC News said.
Related Stories
Chinese hackers listening to calls, reading texts of US government officials
South Korean president faces impeachment calls after martial law order
Political unrest grows in South Korea after the president’s short-lived martial law order. And U.S. officials urge Americans to use encrypted messaging apps after a massive cyberattack. These stories and more highlight your Unbiased Updates for Wednesday, Dec. 4, 2024.
Push to impeach South Korea’s president after martial law declaration
It may have been short-lived, but the South Korean president’s declaration of martial law could have implications for months to come as six opposition parties have moved to impeach Yoon Suk Yeol.
Martial law grants the military temporary rule during an emergency, which the president can legally declare. Yoon sent heavily armed forces into the streets of Seoul Tuesday, Dec. 3, after suddenly and unexpectedly putting the country under martial law — vowing to eliminate “anti-state” forces he claimed were planning a rebellion.
Action was swift, with protesters surrounding South Korea’s parliament building. Lawmakers climbed walls to get back into the building and used fire extinguishers to hold soldiers off so they could unanimously vote to cancel the martial law declaration just hours after it was put in place.
Impeaching Yoon requires the support of two-thirds of the National Assembly and at least six of the country’s nine constitutional court justices. The liberal opposition Democratic Party holds a majority in the 300-seat parliament and has called for Yoon’s resignation.
WATCH: Soldiers arrive at South Korea's parliament after president declares martial law pic.twitter.com/cZX4vsM34y
One Democratic Party lawmaker said an impeachment vote could come as early as Friday, Dec. 5.
Martial law is a sensitive subject in South Korea, which has only been a democracy since the 1980s. Before that, in the wake of the Korean War which ended in 1953, multiple dictatorships emerged with leaders often declaring martial law to prevent antigovernmental protests.
South Korea is considered a key ally of the United States and White House officials said they are “monitoring the situation closely.” The U.S. has about 28,000 troops stationed in South Korea.
Trump’s nominees to lead DEA, FBI, DOD making headlines
Three of President-elect Donald Trump’s picks for his incoming administration made headlines Tuesday. One nominee dropped out, another was the target of a possible cyberattack, and the third could be replaced.
Trump had nominated Hillsborough County, Florida Sheriff Chad Chronister to lead the Drug Enforcement Agency. On Tuesday, Chronister took his name out of the running, saying in a post on X to have been nominated was “an honor of a lifetime” but “as the gravity of this very responsibility set in” he concluded that he must “respectfully withdraw from consideration.”
To have been nominated by President-Elect @realDonaldTrump to serve as Administrator of the Drug Enforcement Administration is the honor of a lifetime. Over the past several days, as the gravity of this very important responsibility set in, I’ve concluded that I must respectfully… pic.twitter.com/bvNF8m9Bh4
The nomination came under fire from some Trump supporters over Chronister’s enforcement of COVID-19 restrictions during the pandemic. This marks the second Trump nominee to withdraw his name after former Congressman Matt Gaetz said he would not continue his bid to become attorney general.
Meanwhile, reports say Trump’s nominee for FBI director, Kash Patel, was the target of a possible Iran-backed cyberattack. Sources familiar with the situation told multiple outlets, including ABC News and CBS News, the alleged hackers targeted Patel’s communications, but it was not clear how much data they were able to view.
Patel held various roles during Trump’s first term including chief of staff to the secretary of defense.
Finally, there might be a change when it comes to the next defense secretary. The Wall Street Journal and other outlets reported Wednesday morning, Dec. 4, that Trump’s pick of former Fox News anchor and military veteran Pete Hegseth’s is in doubt.
Since his nomination, Hegseth has been the subject of reports on allegations about his personal life, including claims of sexual misconduct, repeated intoxication and rampant womanizing. Hegseth has denied those allegations.
The Wall Street Journal and New York Post both reported Trump is considering Florida governor and former GOP presidential candidate Ron DeSantis as a possible replacement for Hegseth. Desantis served in the U.S. Navy before becoming governor.
Both Trump and DeSantis attended a memorial service Tuesday for fallen law enforcement officers in Palm Beach County, Florida.
Hegseth has been meeting with Senate Republicans at the Capitol this week to try to rally support ahead of confirmation hearings. People close to the president-elect’s team said talks of a replacement are in the early stages and the next 48 hours are crucial to Hegseth’s fate.
Trump’s lawyers ask judge to toss conviction, cite Biden’s pardon
President-elect Trump’s lawyers have officially asked a judge to throw out his criminal conviction in his so-called “hush money” case.
In May, a jury found Trump guilty of 34 charges in a scheme to illegally influence the 2016 election through a payment to a porn actor who claimed she and trump had sex. Trump has long denied that.
In a filing made public Tuesday, Trump’s lawyers said continuing the case would present “disruptions to the institution of the presidency” and undermine the transition of power as he prepares to take back the Oval Office next month.
Lawyers also pointed to President Joe Biden’s recent move to pardon his son Hunter of his convictions on tax fraud and gun charges where the president said Hunter was “unfairly prosecuted” as a reason Trump’s case should be dismissed. Trump’s lawyers called his prosecution “political theater.”
Prosecutors have until Monday, Dec. 9 to respond. In the past, they said they would fight efforts to dismiss the case but indicated a willingness to delay the sentencing until after Trump’s second term ends in January 2029.
Americans urged to use encrypted messaging apps after cyberattack
U.S. officials are recommending Americans use encrypted messaging apps amid a cyberattack on telecommunications companies like AT&T and Verizon. Cybersecurity experts advise you to encrypt your text messages and voice communication, if possible.
Threat actors affiliated with the Chinese government have compromised telecom provider networks to conduct a cyber espionage campaign. Network defenders should read new guidance from the #FBI and our partners to harden their systems against this activity: https://t.co/yzh7NedOAepic.twitter.com/GXsN7lbB0f
Officials said China is behind the attack in an attempt to spy on Americans. Chinese officials have not addressed the accusations.
Cyber Monday pulls in record $13.3 billion in sales
Your chances to get some of the deepest discounts of the holiday shopping season have passed with Cyber Monday now in the books. Consumers took full advantage, collectively spending a record $13.3 billion online during Cyber Monday.
Adobe Analytics said that’s up 7.3% from last year and surpassed projections of $13.2 billion in sales. The company said between the peak hours of 8 p.m. and 10 p.m. Alone, people spent a combined $15.8 million every 60 seconds.
Adobe said “buy now, pay later” plans were quite popular, accounting for more than $991 million worth of Cyber Monday spending.
Beyoncé tops Billboard’s list of the greatest pop stars of 21st century
The music charting site said the choice is based on Beyoncé’s “full 25 years of influence, impact, [and] evolution.” Billboard added when talking about greatness in the 21st century, nobody else has a longer or fuller track record.