U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
▼ Summary
– The U.S. Congressional Budget Office confirmed a cybersecurity breach by a suspected foreign hacker that may have exposed sensitive data and internal communications.
– CBO took immediate action to contain the incident and implemented additional monitoring and security controls to protect its systems.
– Some congressional offices reportedly halted email exchanges with CBO due to security concerns about potential exposure of draft reports and economic analysis.
– This breach is part of a series of recent cyber incidents targeting government agencies, including the Treasury Department and CFIUS.
– The attacks were attributed to Chinese state-sponsored hacking group Silk Typhoon, known for exploiting Microsoft Exchange Server vulnerabilities.
The U.S. Congressional Budget Office (CBO) has acknowledged a significant cybersecurity breach, reportedly carried out by a foreign actor, which may have compromised sensitive internal communications and data. A spokesperson for the agency confirmed the incident and outlined immediate containment measures, emphasizing that operations for Congress remain uninterrupted despite the intrusion.
Caitlin Emma, speaking on behalf of the CBO, stated that the agency moved swiftly to address the security event. She explained, “We identified the incident and took prompt action to contain it. We have since enhanced our monitoring capabilities and introduced new security protocols to better defend our systems moving forward.” Emma also noted that such threats are an ongoing challenge faced by many government and private organizations, and the CBO maintains continuous vigilance to counter them.
Initial reports from The Washington Post indicated the breach was discovered within the past several days. Concerns are mounting that the attackers may have accessed email correspondence and other exchanges between congressional offices and CBO analysts. Although officials informed lawmakers they believe the intrusion was identified at an early stage, some congressional offices have reportedly suspended email communications with the CBO as a precautionary measure.
As a nonpartisan federal agency, the CBO supplies economic analysis and cost projections for legislative proposals. A security compromise here could reveal draft reports, economic forecasts, and confidential internal discussions, potentially impacting the legislative process. This incident marks the latest in a string of cyberattacks directed at U.S. government bodies over recent months.
In a related incident from December 2024, the U.S. Treasury Department confirmed its systems were breached via a third-party remote access tool provided by BeyondTrust. The same threat actors also targeted the Committee on Foreign Investment in the United States (CFIUS), which evaluates foreign investments for possible national security implications.
U.S. authorities have attributed these attacks to Silk Typhoon, a Chinese state-sponsored Advanced Persistent Threat (APT) group. Silk Typhoon first gained notoriety in early 2021 by exploiting zero-day vulnerabilities in Microsoft Exchange Server, known as ProxyLogon. Before patches were made available, the group successfully compromised approximately 68,500 servers globally.
(Source: Bleeping Computer)
