The U.S. Congressional Budget Office (CBO) recently confirmed a cybersecurity incident on its network, believed to be a breach orchestrated by a suspected foreign actor. This intrusion raises significant concerns about the potential exposure of sensitive data. CBO spokesperson Caitlin Emma confirmed the “security incident” in a statement, emphasizing that the agency moved rapidly to contain the threat and bolster its defenses. The CBO serves as a nonpartisan resource for Congress, providing critical economic analysis and cost projections for legislative proposals, meaning a breach could compromise draft reports, economic forecasts, and confidential internal communications.
According to a statement provided by the CBO spokesperson, the agency identified the security issue and took immediate action to contain it. Furthermore, the CBO has “implemented additional monitoring and new security controls” to protect its systems moving forward. The agency noted that the incident is currently under investigation, but stressed that its work for Congress is continuing without interruption. The CBO also acknowledged that, like other government and private sector entities, it faces continuous threats to its network and must constantly monitor and address them.
The initial reports of the breach, first published by The Washington Post, highlighted the potential for compromise. Officials are reportedly concerned that emails and exchanges between CBO analysts and various congressional offices may have been exposed. Although officials have tried to reassure lawmakers that the intrusion was detected early, the seriousness of the breach has led to practical consequences: some congressional offices have allegedly halted email correspondence with the CBO as a precaution against further security risks.
This attack on the CBO is part of a growing pattern of cyber incidents targeting U.S. government agencies. In late 2024, the U.S. Treasury Department confirmed a breach that occurred via the third-party remote support platform, BeyondTrust. Similarly, the Committee on Foreign Investment in the United States (CFIUS), which vets foreign investments for national security implications, was compromised by the same group of attackers, underscoring the coordinated nature of these sophisticated threats.
These breaches, including the attack on the CBO, have been attributed to the Chinese state-sponsored Advanced Persistent Threat (APT) group known as Silk Typhoon. This group gained notoriety in early 2021 after it successfully exploited the ProxyLogon zero-day vulnerabilities affecting Microsoft Exchange Server, compromising an estimated 68,500 servers globally before security patches could be widely deployed. The group’s continued activity indicates a persistent and highly skilled threat targeting critical government infrastructure.