The U.S. Congressional Budget Office (CBO) suffered a cybersecurity breach by a suspected foreign hacker, potentially exposing sensitive internal communications and data. The intrusion, detected recently, raised concerns over the exposure of emails and exchanges between congressional offices and CBO analysts. While officials claim the breach was contained early, some congressional offices temporarily halted communications with the CBO due to security fears. The CBO, a nonpartisan agency providing economic analysis and legislative cost estimates, could have had draft reports, economic forecasts, and internal discussions compromised. The attack aligns with a broader trend of cyber incidents targeting U.S. government agencies, including prior breaches at the Treasury Department and the Committee on Foreign Investment in the United States (CFIUS), attributed to the Chinese state-sponsored APT group *Silk Typhoon*. This group previously exploited the *ProxyLogon* zero-day vulnerabilities in Microsoft Exchange Server in 2021, compromising tens of thousands of systems.
TPRM report: https://www.rankiteo.com/company/congressional-budget-office
"id": "con3362133110725",
"linkid": "congressional-budget-office",
"type": "Breach",
"date": "6/2021",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
{'affected_entities': [{'customers_affected': ['U.S. Congressional Offices',
                                               'Legislative Staff',
                                               'Potentially other stakeholders '
                                               'relying on CBO analysis'],
                        'industry': 'Public Sector / Legislative Support',
                        'location': 'Washington, D.C., USA',
                        'name': 'U.S. Congressional Budget Office (CBO)',
                        'type': 'Government Agency'}],
 'attack_vector': ['Network Intrusion',
                   'Potential Exploitation of Zero-Day or Known '
                   'Vulnerabilities'],
 'customer_advisories': ['Some congressional offices halted emails with CBO as '
                         'a precaution'],
 'data_breach': {'data_exfiltration': ['Suspected, but unconfirmed'],
                 'sensitivity_of_data': ['High (sensitive legislative and '
                                         'economic data)'],
                 'type_of_data_compromised': ['Emails',
                                              'Internal Communications',
                                              'Draft Legislative Reports',
                                              'Economic Forecasts',
                                              'Analyst Exchanges']},
 'description': 'The U.S. Congressional Budget Office (CBO) confirms it '
                'suffered a cybersecurity incident after a suspected foreign '
                'hacker breached its network, potentially exposing sensitive '
                'data, including emails and exchanges between congressional '
                'offices and CBO analysts. The breach may have exposed draft '
                'reports, economic forecasts, and internal communications. The '
                'CBO acted quickly to contain the incident and implemented '
                'additional monitoring and security controls. The attack is '
                'part of a series of cyber incidents targeting U.S. government '
                'agencies, with similarities to breaches attributed to the '
                'Chinese state-sponsored APT group Silk Typhoon (also known '
                'for exploiting ProxyLogon vulnerabilities in Microsoft '
                'Exchange Server in 2021).',
 'impact': {'brand_reputation_impact': ["Potential erosion of trust in CBO's "
                                        'ability to secure sensitive '
                                        'legislative and economic data'],
            'data_compromised': ['Emails',
                                 'Exchanges between congressional offices and '
                                 'CBO analysts',
                                 'Draft reports',
                                 'Economic forecasts',
                                 'Internal communications'],
            'operational_impact': ['Temporary halt of email communications '
                                   'between some congressional offices and the '
                                   'CBO',
                                   'Ongoing investigation'],
            'systems_affected': ['CBO Network']},
 'initial_access_broker': {'high_value_targets': ['Legislative data',
                                                  'Economic analysis',
                                                  'Internal communications']},
 'investigation_status': 'Ongoing',
 'motivation': ['Espionage', 'Data Theft', 'Intelligence Gathering'],
 'post_incident_analysis': {'corrective_actions': ['Additional monitoring',
                                                   'New security controls']},
 'references': [{'source': 'BleepingComputer'},
                {'source': 'The Washington Post'}],
 'response': {'communication_strategy': ['Public statement via spokesperson '
                                         '(Caitlin Emma)',
                                         'Notification to lawmakers',
                                         'Media engagement (e.g., '
                                         'BleepingComputer, The Washington '
                                         'Post)'],
              'containment_measures': ['Immediate action to contain the breach',
                                       'Isolation of affected systems '
                                       '(implied)'],
              'enhanced_monitoring': True,
              'incident_response_plan_activated': True,
              'remediation_measures': ['Implementation of additional '
                                       'monitoring',
                                       'New security controls']},
 'stakeholder_advisories': ['Notification to lawmakers about potential '
                            'exposure of communications'],
 'threat_actor': ['Suspected Foreign Hacker',
                  'Potentially Silk Typhoon (Chinese state-sponsored APT '
                  'group)'],
 'title': 'Cybersecurity Incident at U.S. Congressional Budget Office (CBO)',
 'type': ['Data Breach', 'Unauthorized Network Access', 'Espionage']}