Telecommunications Providers and U.S. Government Surveillance System: FBI labels suspected China hack of law enforcement data 'a major cyber incident'

FBI Declares Chinese Cyber Intrusion a "Major Incident" Amid National Security Concerns

The FBI has classified a suspected Chinese cyber intrusion into a U.S. government surveillance system as a "major incident," citing risks to national security. According to senior law enforcement officials and sources familiar with the matter, the breach compromised sensitive law enforcement data, prompting the FBI to brief lawmakers on the incident.

The intrusion is believed to employ tactics similar to those used by Salt Typhoon, a China-linked hacking group uncovered in 2024. That campaign, one of the largest intelligence compromises in U.S. history, breached major telecommunications providers, stealing phone records of millions of Americans and FBI wiretap data. Under the 1994 Communications Assistance for Law Enforcement Act (CALEA), telecoms must maintain surveillance systems for court-ordered wiretaps, systems that Salt Typhoon accessed in 2024. China has denied involvement in the operation.

Former officials describe the latest breach as part of a broader pattern of undeterred Chinese cyber operations, despite high-profile exposures like Salt Typhoon and diplomatic efforts to ease tensions. A former senior cybersecurity official noted that adversaries perceive U.S. defenses as weakened, particularly amid federal workforce reductions.

Sen. Mark Warner (D-Va.), vice chair of the Senate Intelligence Committee, warned that the incident reflects a persistent threat from China and other cyber adversaries, who continue to exploit vulnerabilities in U.S. systems. He criticized recent cutbacks in cybersecurity staffing at agencies like the FBI and CISA, arguing that such reductions undermine national defenses at a critical time.

Former FBI cyber official Cynthia Kaiser confirmed that China has long targeted U.S. communications to track intelligence and law enforcement activities. The latest intrusion was discovered after her departure from the agency in May. The FBI and CISA have not commented on the matter. The incident was first reported by Politico.

Source: https://www.nbcnews.com/news/us-news/fbi-labels-suspected-china-hack-law-enforcement-data-major-cyber-incid-rcna266495

China TieTong Telecommunications Corporation cybersecurity rating report: https://www.rankiteo.com/company/china-tietong-telecommunications-corporation

U.S.-China Economic and Security Review Commission cybersecurity rating report: https://www.rankiteo.com/company/u.s.-china-economic-and-security-review-commission

"id": "CHIU.S1775183062",
"linkid": "china-tietong-telecommunications-corporation, u.s.-china-economic-and-security-review-commission",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"
{'affected_entities': [{'customers_affected': 'Millions of Americans (phone '
                                              'records), U.S. intelligence and '
                                              'law enforcement operations',
                        'industry': 'Law Enforcement, National Security',
                        'location': 'United States',
                        'name': 'U.S. Government (FBI, law enforcement '
                                'agencies)',
                        'type': 'Government'},
                       {'customers_affected': 'Millions of Americans',
                        'industry': 'Telecommunications',
                        'location': 'United States',
                        'name': 'Telecommunications Providers',
                        'type': 'Private Sector'}],
 'data_breach': {'number_of_records_exposed': "Millions of Americans' phone "
                                              'records',
                 'personally_identifiable_information': 'Phone records',
                 'sensitivity_of_data': 'High (national security, '
                                        'intelligence, law enforcement '
                                        'operations)',
                 'type_of_data_compromised': 'Law enforcement data, wiretap '
                                             'data, phone records'},
 'description': 'The FBI has classified a suspected Chinese cyber intrusion '
                "into a U.S. government surveillance system as a 'major "
                "incident,' citing risks to national security. The breach "
                'compromised sensitive law enforcement data, prompting the FBI '
                'to brief lawmakers on the incident. The intrusion is believed '
                'to employ tactics similar to those used by Salt Typhoon, a '
                'China-linked hacking group.',
 'impact': {'brand_reputation_impact': 'Undermined trust in U.S. cybersecurity '
                                       'defenses',
            'data_compromised': 'Sensitive law enforcement data, FBI wiretap '
                                'data, phone records of millions of Americans',
            'operational_impact': 'Compromised national security, undermined '
                                  'law enforcement surveillance capabilities',
            'systems_affected': 'U.S. government surveillance system, '
                                "telecommunications providers' surveillance "
                                'systems (under CALEA)'},
 'initial_access_broker': {'high_value_targets': 'U.S. government surveillance '
                                                 'systems, telecommunications '
                                                 "providers' CALEA-compliant "
                                                 'systems'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Persistent threat from Chinese cyber operations despite '
                    'diplomatic efforts; perceived weakening of U.S. cyber '
                    'defenses due to workforce reductions; need for sustained '
                    'investment in cybersecurity infrastructure.',
 'motivation': 'Intelligence gathering, tracking U.S. law enforcement and '
               'intelligence activities',
 'post_incident_analysis': {'root_causes': 'Exploitation of vulnerabilities in '
                                           'U.S. government and '
                                           'telecommunications surveillance '
                                           'systems; perceived weakening of '
                                           'U.S. cyber defenses; persistent '
                                           'state-sponsored cyber operations '
                                           'by China.'},
 'recommendations': 'Increase cybersecurity staffing at federal agencies (FBI, '
                    'CISA); enhance monitoring and defensive measures for '
                    'critical surveillance systems; strengthen diplomatic and '
                    'deterrence efforts against state-sponsored cyber threats.',
 'references': [{'source': 'Politico'}],
 'regulatory_compliance': {'regulations_violated': 'Potential violations of '
                                                   'national security and '
                                                   'intelligence laws (details '
                                                   'not specified)'},
 'response': {'law_enforcement_notified': 'FBI briefed lawmakers'},
 'stakeholder_advisories': 'Lawmakers briefed by FBI; warnings issued by Sen. '
                           'Mark Warner and former officials about persistent '
                           'threats and weakened defenses.',
 'threat_actor': 'Salt Typhoon (China-linked hacking group)',
 'title': 'Chinese Cyber Intrusion into U.S. Government Surveillance System',
 'type': 'Cyber Espionage'}