Chinese cyber-spies peek over shoulder of officials probing real-estate deals near American military bases

Gee, wonder why Beijing is so keen on the – checks notes – Committee on Foreign Investment in the US


Chinese cyber-spies who broke into the US Treasury Department also stole documents from officials investigating real-estate sales near American military bases, it's reported.

Citing three folks familiar with the matter, CNN said the Chinese government-backed snoops compromised the computer security of the Committee on Foreign Investment in the US (CFIUS), which reviews foreign money funneled into American businesses and real estate to assess national security risks.

Late last year, the Treasury expanded the committee's authority to review the purchase or lease of real estate close to US military bases. American lawmakers have expressed concern that Chinese government agents could buy up land near these bases and use the locations to spy on military activities.

A Treasury spokesperson did not immediately respond to The Register's inquiries. Previous reports indicated the same Chinese intruders also targeted the sanctions office, though they did not access any classified information.

US officials are analyzing the national security impact of the stolen CFIUS files, anonymous sources told CNN. While none of the pilfered data appears to be classified, the concern is that the unclassified documents stolen in the raid could still provide useful intelligence to the Chinese government.

China has denied the American government's data theft and espionage allegations.

A Treasury spokesperson told CNN the snoops compromised a "third-party service provider" in December and then remotely accessed several Treasury user workstations and certain unclassified documents.

"Treasury takes very seriously all threats against our systems, and the data it holds," the spokesperson said. "Over the last four years, Treasury has significantly bolstered its cyber defense, and we will continue to work with both private and public sector partners to protect our financial system from threat actors."

Last week, the Treasury notified Congress about the latest Chinese intrusions. The disclosure comes as lawmakers and government officials are still struggling to understand the scope of the Salt Typhoon campaign, in which Beijing-backed spies compromised at least nine American telecommunications companies, giving agents the capability to pinpoint the location of millions of people and record their calls.

The Treasury security breach continues a pattern of escalating cyber-intrusions that Uncle Sam has blamed on the Chinese government. ®
