Cyber Security

CBO Cyber Attack: Foreign Actor Breaches US Congress’s Financial Hub

- by Ansari Alfaiz

The U.S. Congressional Budget Office (CBO) has confirmed it was the victim of a significant cyberattack, with a foreign nation-state actor suspected of orchestrating the breach. The incident, first reported on November 6, 2025, represents a serious intrusion into the core infrastructure of the U.S. legislative process, potentially exposing sensitive economic data and internal communications that shape federal lawmaking.

The CBO, a strictly nonpartisan agency, functions as the official financial analyst for the U.S. Congress, providing crucial economic projections and cost estimates—or “scores”—for every piece of legislation. The breach raises alarms that a foreign adversary may have gained insight into U.S. economic policy, legislative priorities, and potential fiscal vulnerabilities. U.S. officials familiar with the matter have indicated that state-sponsored hackers from China are believed to be behind the attack.​

“The Congressional Budget Office has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward,” CBO spokesperson Caitlin Emma said in a statement. “The incident is being investigated and work for the Congress continues”.

A dramatic image of the U.S. Capitol Building under a digital cyberattack, representing the CBO data breach by a foreign threat actor.

Anatomy of the Breach: An Unpatched Firewall

While the CBO has not officially commented on the technical specifics, evidence points to the exploitation of a known vulnerability in the agency’s network hardware.

  • The Attack Vector: Security researcher Kevin Beaumont identified that the CBO was using an outward-facing Cisco ASA firewall that had not been patched since 2024. This left the device vulnerable to a series of critical security flaws that were being actively exploited by suspected Chinese government-backed hackers.
  • The Timing: The lack of patching may have been exacerbated by the recent government shutdown, which could have delayed critical IT and cybersecurity operations, creating a window of opportunity for the attackers.
  • The Intrusion: By exploiting the firewall vulnerability, the hackers were able to gain access to the CBO’s internal network. Officials are now concerned that the intruders accessed internal emails, office chat logs, and sensitive communications between CBO researchers and the offices of U.S. lawmakers.

Following the public disclosure of the breach, the vulnerable Cisco firewall was taken offline.​

A High-Value Intelligence Target

The CBO is a uniquely valuable target for foreign intelligence agencies for several reasons:

  • Economic Forecasting: The agency produces detailed, non-public analyses of the U.S. and global economies, which could give an adversary a significant advantage in anticipating market movements and U.S. policy shifts.
  • Legislative Insight: By “scoring” legislation, the CBO is privy to the details of bills long before they become public. Access to this information could reveal U.S. government priorities and legislative plans, allowing a foreign power to craft counter-strategies or disinformation campaigns.​
  • Access to Lawmakers: The breach of communications between the CBO and congressional offices provides a wealth of intelligence on the internal deliberations of the U.S. government. The Senate Sergeant at Arms has already sent out a warning to congressional staff, advising them to be wary of phishing attacks sent from seemingly legitimate CBO accounts.​

This incident is part of a broader pattern of cyberattacks targeting U.S. legislative and financial bodies. A similar breach last year targeted communications between congressional staffers and the Congressional Research Service, indicating a concerted effort by foreign adversaries to infiltrate the heart of American policymaking.

Response and Investigation

The response to the CBO breach has been swift, involving multiple government agencies.

  • Containment: The CBO has confirmed it took immediate action to contain the breach and has implemented enhanced security monitoring and controls.
  • Investigation: A full investigation into the incident is underway to determine the full scope of the data exfiltrated and the exact identity of the attackers.​
  • Congressional Oversight: The House Homeland Security Committee has stated it is closely monitoring the situation and is in contact with both the CBO and the Cybersecurity and Infrastructure Security Agency (CISA) regarding mitigation efforts.​

The attack on the Congressional Budget Office is a stark reminder of the persistent and sophisticated cyber threats facing the U.S. government. As foreign actors increasingly target the sensitive data that underpins the legislative process, the security of these core institutions has become a critical component of national security.

SOURCES

  1. https://www.washingtonpost.com/business/2025/11/06/cbo-hack-congress-foreign/
  2. https://www.reuters.com/world/us/us-congressional-budget-office-hacked-by-suspected-foreign-actor-washington-post-2025-11-06/
  3. https://www.cnn.com/2025/11/06/politics/congressional-budget-office-hacked-china-suspected
  4. https://www.cxodigitalpulse.com/u-s-congressional-budget-office-confirms-cyberattack-foreign-hackers-suspected-in-data-breach/
  5. https://cyberpress.org/hacks-u-s-congressional-budget-office/
  6. https://siliconangle.com/2025/11/07/congressional-budget-office-breached-suspected-foreign-hackers/
  7. https://www.nextgov.com/cybersecurity/2025/11/cbo-systems-accessed-security-incident-possibly-tied-foreign-hackers/409379/
  8. https://www.foxnews.com/politics/congressional-budget-office-hit-cyberattack-raising-concerns-over-us-government-network-security
  9. https://techcrunch.com/2025/11/07/congressional-budget-office-confirms-it-was-hacked/
  10. https://www.independent.co.uk/news/world/americas/us-politics/cbo-hack-foreign-actor-congress-b2860434.html
  11. https://www.rescana.com/post/congressional-budget-office-cbo-cisco-asa-firewall-breach-cyberattack-details-impact-and-securi
  12. https://www.wired.com/story/the-government-shutdown-is-a-ticking-cybersecurity-time-bomb/
  13. https://www.esecurityplanet.com/threats/congressional-budget-office-hit-by-cyberattack-during-shutdown/
  14. https://www.politico.com/live-updates/2025/11/06/congress/congressional-budget-office-hacked-00640964
  15. https://www.scmagazine.com/news/nation-state-actor-suspected-of-cbo-cyberattack
  16. https://incyber.org/en/article/united-states-a-foreign-actor-hacked-the-congressional-budget-office/
  17. https://research.checkpoint.com/2025/10th-november-threat-intelligence-report/
  18. https://www.ohiosap.org/aws/OSAP/pt/sd/news_article/606529/_PARENT/layout_details/false
  19. https://cio.cimb.com/news-details/the-congressional-budget-office-was-hacked-it-says-it-has-implemented-new-security-measures-173866977X21
  20. https://www.bankinfosecurity.com/cbo-hit-by-suspected-nation-state-cyberattack-a-29958

About Ansari Alfaiz

Alfaiz Ansari (Alfaiznova), Founder and E-EAT Administrator of BroadChannel. OSCP and CEH certified. Expertise: Applied AI Security, Enterprise Cyber Defense, and Technical SEO. Every article is backed by verified authority and experience.

View all posts by Ansari Alfaiz →