Was the Chinese hack of the U.S. Treasury primarily a “Store Now—Decrypt Later” operation? Or, more aptly, a “STEAL Now—Decrypt Later” strategy?

The December 2024 breach of the U.S. Treasury Department, attributed to China, has been widely reported as an espionage operation targeting unclassified data.
According to The New York Times, the attackers exploited a vulnerability in BeyondTrust’s remote support software, enabling access to workstations and data.
Yet, I found it curious that no reporting considered the possibility that part of the hack could have been a “Store Now—Decrypt Later” operation.
Let’s explore why that possibility warrants serious attention.
What is Store Now—Decrypt Later?
“Store Now—Decrypt Later” (SNDL) refers to the strategy of collecting encrypted data today, intending to decrypt it once quantum computing technology matures.
Quantum computers, when fully developed, will likely render most current encryption obsolete, allowing adversaries to unlock vast troves of previously inaccessible information.
This strategy has been widely attributed to China, known for its long-term, strategic approach to espionage.
As one expert quoted in BBC reporting on the hack stated, “China traditionally takes a very long and strategic view of how they conduct their espionage and intelligence operations.”
The Treasury Hack: More Than Meets the Eye?
While the breach is reported to have targeted unclassified data, it’s improbable that everything accessed by the hackers was unprotected. Even if a significant portion of the stolen data was readily accessible, there’s a strong likelihood that some encrypted data was also collected.
Encryption remains a cornerstone of securing sensitive information within government institutions, meaning any robust operation like this would likely seize everything of potential value—encrypted or not.
The fact that the reporting emphasizes espionage rather than disruption—a hallmark of a data-gathering operation—further supports this theory.
As Richard Forno, assistant director of the University of Maryland, Baltimore County Cybersecurity Institute, stated in a BBC report, “It’s more generic information gathering: Let’s see what we can get into, and see what we can find.”
But what happens when they steal encrypted data? They store it.
The Quantum Advantage
An essential aspect of the SNDL strategy is its reliance on time. Encrypted data stolen today may be worthless in its current state but could become a goldmine once quantum computers achieve decryption capability.
A quote from The Economist underscores this chilling reality:
“Criminal groups are targeting intellectual property and other kinds of data that will keep their value years from now when they decrypt it. This means that as quantum computers scale, there will be ‘submarine decryptions’ of data troves that will surface unexpectedly, just like submarines in water.”
This long-term view aligns perfectly with China’s strategic approach. By systematically collecting encrypted data during operations like the Treasury breach, they position themselves to exploit future quantum breakthroughs, potentially gaining access to decades of sensitive communications, financial information, and intellectual property.
A Strategic Blind Spot
The reporting on the Treasury breach has largely framed it as a current threat, focusing on the immediate implications of the data stolen.
However, failing to consider the potential for SNDL tactics risks underestimating the long-term implications of such cyberattacks.
If quantum-resistant encryption methods are not adopted swiftly and widely, today’s encrypted data will be tomorrow’s open book.
This should serve as a wake-up call not only for the government but also for private organizations, which remain equally vulnerable to quantum-enabled decryption.
Conclusion
The hack of the U.S. Treasury may indeed have exploited a vulnerability in BeyondTrust’s software, enabling attackers to access unclassified data.
But the absence of evidence suggesting encrypted data was collected does not mean it wasn’t. Given the scale of the breach, it’s highly likely that encrypted files were part of the haul, waiting for the day quantum computing renders them accessible.
China’s long-term, strategic approach to espionage makes the “Store Now—Decrypt Later” hypothesis not only plausible but probable. This underscores the urgency of developing and implementing quantum-resistant encryption to secure sensitive data for the future.
As Richard Forno also stated in the BBC report, “China traditionally takes a very long and strategic view of how they conduct their espionage and intelligence operations…the US tends to be much more reactive and much more interested in immediate and visible results.”
If we fail to act, today’s secure files may become tomorrow’s treasure trove for adversaries with the patience to wait—and the technology to decrypt.
Additional Reading
Disclaimer
IPProbe.Global is a service to the professional IP community. While every effort has been made to check the information in this blog, we provide no guarantees or warranties, express or implied, regarding the content provided in IPProbe.Global. We disclaim all liability and responsibility for the qualification or accuracy of representations made by the contributors or for any disputes that may arise. It is the responsibility of the readers to independently investigate and verify the credentials of such persons and the accuracy and validity of the information provided by them. This blog is for general information only and is not intended to provide legal or other professional advice.

0 comments on ““Store (Steal) Now—Decrypt Later””