The U.S. Congressional Budget Office (CBO) confirms it suffered a cybersecurity incident after a suspected foreign hacker breached its network, potentially exposing sensitive data.
In a statement shared with BleepingComputer, CBO spokesperson Caitlin Emma confirmed the “security incident” and said the agency acted quickly to contain it.
“The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” Emma told BleepingComputer.
“The incident is being investigated and work for the Congress continues. Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats.”
The Washington Post first reported the breach, stating that officials discovered the hack in recent days and are now concerned that emails and exchanges between congressional offices and the CBO’s analysts may have been exposed.
While officials have reportedly told lawmakers they believe the intrusion was detected early, some congressional offices have allegedly halted emails with the CBO out of security concerns.
The CBO is a nonpartisan agency that provides lawmakers with economic analysis and cost estimates for proposed legislation. A breach of the agency could potentially expose draft reports, economic forecasts, and internal communications.
The attack on the CBO is the latest in a series of cyber incidents that have targeted government agencies over the past year.
In December 2024, the U.S. Treasury Department confirmed a breach through the third-party remote support platform, BeyondTrust.
The Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments for national security risks, was also breached by the same attackers.
The attacks were attributed to the Chinese state-sponsored Advanced Persistent Threat (APT) group known as Silk Typhoon.
Silk Typhoon became widely known in early 2021 after exploiting the ProxyLogon zero-day flaws impacting Microsoft Exchange Server, compromising an estimated 68,500 servers before security patches were released.
