Congressional Budget Office Hacked: Security Breach Confirmed

U.S. Congressional Budget Office Confirms Security Breach

The U.S. Congressional Budget Office (CBO) has officially acknowledged a recent hacking incident. The agency is currently undertaking a thorough investigation to determine the full extent of the compromise.

Incident Response and Containment

According to Caitlin Emma, a CBO spokesperson, the agency swiftly identified the security incident. Immediate steps were taken to contain the breach and bolster defenses. Enhanced monitoring procedures and new security controls have been implemented to safeguard the agency’s systems.

CBO's Role and Importance

The CBO serves as a nonpartisan entity, providing crucial economic analysis and cost estimations to legislators. This support is integral throughout the federal budget process, including evaluations following the approval of bills by House and Senate committees.

Details of the Intrusion

Initial reports from The Washington Post indicate that foreign hackers were responsible for the intrusion. Concerns within the CBO center around potential access to internal email correspondence and chat logs.

Specifically, officials are worried about the compromise of communications between lawmakers’ offices and CBO researchers.

Potential Phishing Attacks

Reuters reported that the Senate Sergeant at Arms office alerted congressional offices to the breach. The warning highlighted the possibility that compromised emails between the CBO and congressional offices could be exploited in phishing campaigns.

Possible Entry Point: Outdated Firewall

The method by which hackers gained access remains unclear. However, security researcher Kevin Beaumont suggested a potential vulnerability in the CBO’s Cisco firewall.

Beaumont noted on Bluesky that the CBO was utilizing a Cisco ASA firewall that hadn’t been updated since 2024.

Exploited Vulnerabilities

At the time of Beaumont’s observation, the firewall was reportedly susceptible to recently discovered security flaws. These vulnerabilities were allegedly being actively exploited by hackers believed to be associated with the Chinese government.

Timing and Firewall Status

Beaumont pointed out that the firewall remained unpatched even after the federal government shutdown commenced on October 1st. He subsequently confirmed that the firewall is now offline.

Agency and Vendor Response

The CBO spokesperson refrained from commenting on Beaumont’s findings when questioned. Representatives from Cisco have not yet responded to requests for comment regarding the situation.

This incident underscores the critical importance of maintaining up-to-date security measures, particularly for agencies handling sensitive governmental data.