News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers
Business of Tech | From Treasury Hacks to Router Risks: The U.S. Grapples with China’s Cyber Onslaught

The U.S. Treasury Department has confirmed that hackers linked to the Chinese government breached its Office of Foreign Assets Control, which oversees economic sanctions. Officials noted that the hackers accessed unclassified documents, raising concerns about the potential disclosure of sensitive information regarding sanctions deliberations. The breach, which the Treasury became aware of on December 8, 2024, leveraged private key from the technology vendor BeyondTrust, which is utilized for remote support, that the hackers acquired. The Treasury’s Assistant Secretary for Management described the incident as “major,” and investigations are ongoing to assess the full impact of the breach.

The U.S. Treasury Department imposed sanctions on a Chinese cybersecurity firm, Beijing Integrity Technology Group, in response to its involvement in the Flax Typhoon cyberattacks, which compromised approximately 260,000 internet-connected devices globally, with half located in the United States. These attacks, linked to Chinese state actors, targeted government and industrial networks in multiple regions, including the U.S., Taiwan, and Europe. The firm plays a significant role in servicing China’s police and intelligence services and is believed to have facilitated the infiltration by obscuring the identity of the original hackers.

The Cybersecurity and Infrastructure Security Agency, known as CISA, announced no evidence of a broader government hack beyond the U.S. Treasury Department. CISA is actively monitoring the situation and working with federal authorities to ensure a thorough response to the incident.

The United States is considering banning TP-Link internet routers due to national security concerns linked to Chinese cyberattacks. Investigations by the Commerce, Defense, and Justice departments are underway, with reports indicating that TP-Link has been subpoenaed. The company holds a dominant 65 percent share of the U.S. router market, primarily because of the low cost of its products, which government agencies, including the Defense Department widely use. Additionally, concerns have been raised about TP-Link’s failure to address security flaws in its devices, with Microsoft revealing that compromised devices manufactured by TP-Link have been targeted by a hacking campaign linked to the Chinese government.

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to secure their Microsoft cloud systems. The directive requires agencies to identify their cloud systems and implement necessary security assessments, with compliance deadlines set for February 21, 2025, and continuous reporting on requirements expected by April 25, 2025. Between 2023 and 2024, at least two significant breaches attributed to Russian and Chinese hackers raised alarms about vulnerabilities in cloud configurations. This new mandate builds on previous guidance from the Secure Cloud Business Applications initiative, which aims to protect federal information in cloud environments. CISA emphasizes that all organizations should adopt these security practices to safeguard against evolving cyber threats.

CISA has released an updated national cyber incident response plan, the first update since 2016. This draft plan, developed with input from over 150 experts from 66 organizations, aims to provide a practical roadmap for government and industry collaboration during major cyber events. Comments on the plan are due by January 15. Significant changes include a defined path for non-federal entities to engage with the government and preparation for new reporting requirements for critical infrastructure organizations.

CISA has reported significant progress in addressing vulnerabilities exposed by the SolarWinds cyber attack four years ago. Jeff Greene, CISA’s executive assistant director for cybersecurity, stated that the agency can now monitor over five million devices across ninety-four federal agencies, enhancing visibility into potential cyber incidents. Following a cybersecurity executive order signed by President Joe Biden in May 2021, CISA has improved data tracking and logging capabilities, allowing for faster incident responses. Greene emphasized that CISA can now analyze threats in real time, which has enabled the agency to detect nation-state activities effectively.

Why do we care?

If this was physical, this would be headline news.   Imposing sanctions on a Chinese cybersecurity firm (Beijing Integrity Technology Group) seems underwhelming given the scale of the breach and its implications.

While I am in no way advocating for “Doing nothing” regarding cybersecurity, I have a customer-centric view of cybersecurity. Cyberattacks are essentially treated as “the cost of doing business,” with no meaningful escalation to impose real costs on the perpetrators. Calls for enhanced cybersecurity tools and compliance requirements for federal agencies often lead to significant expenditures without addressing the root problem: state-sponsored attackers are playing a different game.   

Throwing money at tools and systems is futile if breaches continue to occur due to human error or exploitable vendor weaknesses.    If you are in the business of defending customers, you want change.

Incentivizing companies to adopt secure supply chain practices—perhaps through tax breaks or procurement preferences—could reduce vulnerabilities.  That could eventually lead to penalities.  

For China, cyberattacks are a low-cost, high-reward strategy. Without a more assertive response, the U.S. risks normalizing these attacks, inadvertently signaling that even breaches of critical systems like the Treasury can occur without serious consequences.   The industry must advocate for comprehensive strategies that blend defense, offense, deterrence, and diplomacy, recognizing that cybersecurity isn’t just a technical problem—it’s a cornerstone of national security.  

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories