As President Trump prepares to assume office, he faces a digital battleground unlike any seen before.
Recent revelations paint a grim picture: Chinese threat actors have infiltrated critical U.S. infrastructure, from telecoms to surveillance systems — even breaching the Treasury Department’s sanctions division.
According to Reuters, Chinese state-sponsored hackers breached the U.S. Treasury Department at the end of 2024 via a compromised digital key from third-party cybersecurity provider BeyondTrust.
The attackers then accessed unclassified documents and user workstations, part of a pattern of abusing trusted third-party services.
In a letter to lawmakers, the incident was attributed to a Chinese advanced persistent threat (APT) actor, prompting a quick response from the Treasury, CISA, and the FBI.
Beijing denied involvement.
The breach comes alongside threat actor Salt Typhoon’s cyber warfare operation against the U.S., which continues to add new telcos to its list of victims.
And as experts tell us, the question is not what happened but what to do next.
Key Takeaways
- Chinese hackers breached U.S. Treasury systems through a compromised vendor key.
- An expert panel tells Techopedia that Trump must conduct a comprehensive audit during his transition to power.
- Real-time monitoring, supply chain security and rooting out any existing infiltration must happen immediately.
- Experts also say which security technologies Trump should deploy on day one to counter the threat of Chinese cyber warfare against the U.S.
Why the U.S. Government Should Be Worried About Cyber Attacks
Chinese hackers have breached telecom operators, national surveillance and wiretapping services, the Treasury Department — specifically, the area that manages sanctions — and the broader critical infrastructure sector, including water, airports and ports, energy, government, and more.
To date, there is no agreement on what precisely Chinese-supported hackers have done inside American digital systems, whether they still persist in some networks or on the edge, or what their specific targets are.
One thing is clear: President Trump’s administration — firm on raising tariffs and possibly imposing new restrictions against China — inherits a hacked America.
The Challenges of Modern Presidential Transitions
The decentralized nature of America’s system of government, state empowerment, the rapid advancement of technologies, and the different internal procedures of each federal agency make the digital transition of power a modern challenge.
Philip Lieberman, founder and CEO of Analog Informatics, an AI-powered healthcare company in a sector impacted significantly by 2024 cyber attacks, spoke to Techopedia about the challenges of modern presidential transitions.
Lieberman said the rights of the unregulated and regulated commercial enterprises working with the government, their security readiness, legal gaps, tight budgets, and the lack of government executive authority are all challenges.
“Another element of the cybersecurity problem is the near-total lack of coordination between the State Department, Law Enforcement, and the executive branch.”
Lieberman explained that the technical burden of identifying system weaknesses has been an ongoing activity of the NSA and NIST, which have been thwarted by political pushback and the lack of proactive actions by the executive branch.
Despite the magnitude of the problem, all of the cybersecurity experts we talked to across different industries said an audit of all U.S. systems (and partners) impacted by Chinese threat actors in 2024 is fundamental for the incoming Trump administration.
Techopedia spoke to McDaniel Wicker, Vice President of U.S. Government Strategy for Babel Street, an open-source threat intelligence (OSINT) company.
We asked Wicker if Trump should audit the systems breached by Chinese threat actors.
“Yes, and if you haven’t been compromised, it’s typically not a matter of if but when, so the integrity of data and systems should be audited during presidential transitions.”
“Steps to handle this could include comprehensive forensic analysis, continuous monitoring that adheres to strict legal frameworks, and supply chain and vendor audits,” Wicker said.
Wicker explained that supply chain and vendor audits not only ensure all government partners and suppliers involved in the operation of critical systems meet stringent requirements but also audit the individuals involved in those systems and technologies while verifying the data, sources, and systems with which data is collected.
Antonio Sanchez, CISSP, Principal Evangelist at Fortra, a data, infrastructure, and managed cybersecurity solutions company, also spoke to Techopedia about audits.
“Anytime there is a cyber incident, there is always concern about the integrity of data and systems.”
Sanchez said forensic analysis is necessary to fully understand the security incidents driven by threat actors acting under the Typhoon umbrella.
Sanchez added that forensic analysis, including change events, network traffic data, user data handling, and log data from various sources, can help identify the threat actor, document the findings, and implement changes to reduce the risk of new incidents and breaches.
The Technologies Trump Should Deploy on Day One
We asked Wicker from Babel Street what technologies and strategies the Trump team needs to deploy on day one.
“On day one, the administration should prioritize offensive and defensive strategies — this includes deploying real-time monitoring technologies and predictive analytics to detect and mitigate threats, as well as strengthening supply chain security.”
Wicker also spoke about the importance of robust vendor vetting processes — evaluating certifications like ISO 27001, FedRAMP, and NIST, along with past performance and foreign ownership risks, is essential.
“Simultaneously, the administration should expand offensive capabilities to collect and analyze data from adversarial sources.”
With Trump promising a strict China foreign policy, strengthening American digital resilience will not be a once-and-done process.
How Foreign and National Policy Can Support the New Administration
Lieberman, from Analog Informatics, spoke about how foreign policy can also be used as deterrence.
“The Trump administration should publicly announce that any country that harbors criminals and uses government agencies to attack citizens and government assets will be subject to escalating trade tariffs and, ultimately, worldwide sanctions by the U.S. and its allies for their actions.”
Lieberman explained that President Trump can also direct the State Department and Law Enforcement Agencies to stop illegal activities by offshore actors.
Lieberman added that tax credits and incentives for organizations to invest in cybersecurity are also good options.
“The President should provide financial incentives for government agencies to re-shore their IT security services and have the work be taken in-house by government employees that are well-paid for their services and have a personal stake in the security of the government,” Lieberman said.
The Bottom Line
The China-U.S. relationship and its spillover to the cyber arena battlefronts are unlikely to stop soon. With escalations almost guaranteed and experts assuring that China positioned itself strategically inside U.S. systems for future actions, the new administration taking office is at a crossroads.
Trump and his top teams will inherit a Chinese-hacked America; what they do during the transition and in the first days of government can make a big difference for the U.S. and the wider international geopolitical world.
References
- US Treasury says Chinese hackers stole documents in ‘major incident’ | Reuters (Reuters)
- Profile Not Found | LinkedIn (Linkedin)
- AI Patient Engagement for Medical Facilities and Hospitals (Analoginformatics)
- McDaniel W. – Senior Vice President, U.S. Government – Babel Street | LinkedIn (Linkedin)
- Data Analytics Platform – Threat Intelligence Tool | Babel Street (Babelstreet)
- Antonio Sanchez, CISSP – Austin, Texas, United States | Professional Profile | LinkedIn (Linkedin)
- Fortra | Cybersecurity & Automation Software Solutions (Fortra)