The U.S. Congressional Budget Office (CBO), a federal agency responsible for providing nonpartisan economic and budgetary analysis to Congress, suffered a suspected nation-state cyberattack. The breach, detected recently, prompted immediate containment measures, including enhanced monitoring and new security controls. While details remain undisclosed, the attack may have exploited a firewall vulnerability in an unpatched Cisco ASA device, rendering the network security system unreachable.The CBO handles highly sensitive fiscal data, including economic projections and legislative cost estimates, which could provide foreign adversaries with strategic insights into U.S. policy priorities. The incident follows a pattern of targeted attacks on congressional entities, such as the 2024 breach of the Library of Congress, where hackers accessed months of emails tied to draft legislation. The ongoing federal government shutdown has exacerbated vulnerabilities, delaying critical defensive actions like patching and threat intelligence sharing.The full scope of the intrusion—including whether congressional communications, internal analyses, or budget models were compromised—remains under investigation. The attack underscores escalating risks to government agencies from state-sponsored cyber operations, with potential long-term implications for national security and legislative integrity.
Source: https://www.bankinfosecurity.com/cbo-hit-by-suspected-nation-state-cyberattack-a-29958
TPRM report: https://www.rankiteo.com/company/congressional-budget-office
"id": "con5502155110825",
"linkid": "congressional-budget-office",
"type": "Cyber Attack",
"date": "6/2024",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"{'affected_entities': [{'industry': 'Government / Legislative Support',
'location': 'United States',
'name': 'Congressional Budget Office (CBO)',
'type': 'U.S. Federal Agency'}],
'attack_vector': ['Firewall Exploit (suspected Cisco ASA vulnerability)',
'Potential Email Compromise'],
'data_breach': {'sensitivity_of_data': 'High (nonpublic legislative analysis, '
'policy discussions)',
'type_of_data_compromised': ['Sensitive fiscal data',
'Economic projections',
'Budget modeling',
'Potential email '
'correspondence']},
'date_publicly_disclosed': '2024-XX-XX (Friday, exact date unspecified)',
'description': 'The U.S. Congressional Budget Office (CBO), a federal agency '
'advising Congress on the cost and economic impact of '
'legislation, was breached by a suspected nation-state actor. '
"The agency identified a 'security incident' and took "
'immediate containment actions, including additional '
'monitoring and new security controls. The attack may have '
'exploited a firewall flaw in a Cisco ASA device, which was '
'last patched in 2024. The breach could provide foreign '
'adversaries with insights into sensitive fiscal data, '
'economic projections, and budget modeling. The investigation '
'is ongoing, and details about the scope of the intrusion '
'(e.g., exposure of emails between CBO and congressional '
'offices) remain unclear. This incident follows a 2024 breach '
'of the Library of Congress, also attributed to a nation-state '
'actor, which exposed months of email exchanges tied to draft '
'legislation.',
'impact': {'brand_reputation_impact': ["Potential erosion of trust in CBO's "
'cybersecurity posture',
'Concerns over protection of sensitive '
'legislative data'],
'data_compromised': ['Potential exposure of sensitive fiscal data',
'Economic projections',
'Budget modeling',
'Possible email correspondence with '
'congressional offices'],
'operational_impact': ['Ongoing investigation',
'Additional monitoring and security '
'controls implemented',
'Work for Congress continues despite '
'intrusion'],
'systems_affected': ['CBO network', 'Cisco ASA firewall device']},
'initial_access_broker': {'entry_point': ['Firewall exploit (Cisco ASA)',
'Potential phishing/email '
'compromise'],
'high_value_targets': ['Fiscal data',
'Legislative communications',
'Economic projections']},
'investigation_status': 'Ongoing (led by CBO with potential federal law '
'enforcement involvement)',
'motivation': ['Espionage',
'Access to sensitive fiscal/policy data',
'Insight into U.S. legislative priorities'],
'post_incident_analysis': {'corrective_actions': ['Additional monitoring',
'New security controls',
'Patch management review '
'(implied)'],
'root_causes': ['Unpatched firewall (Cisco ASA)',
'Potential delays due to '
'government shutdown (implied)']},
'references': [{'source': 'Information Security Media Group (ISMG)'},
{'source': 'Kevin Beaumont (British security researcher)'},
{'date_accessed': '2024-XX-XX (Friday)',
'source': 'CBO Chief of Media Communications (Caitlin Emma)'}],
'regulatory_compliance': {'regulatory_notifications': ['Likely notifications '
'to oversight bodies '
'(e.g., Congress, DHS '
'CISA)']},
'response': {'communication_strategy': ['Public disclosure via emailed '
'statement',
'Limited details shared to avoid '
'compromising investigation'],
'containment_measures': ['Immediate action to contain the '
'incident',
'Network segmentation (implied by '
"'unreachable' firewall)"],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'law_enforcement_notified': ['Federal law enforcement (implied, '
'as investigation is ongoing)'],
'network_segmentation': True,
'remediation_measures': ['Additional monitoring',
'New security controls implemented']},
'stakeholder_advisories': ['Congressional offices likely notified'],
'threat_actor': 'Suspected nation-state actor (unspecified)',
'title': 'CBO Hit by Suspected Nation-State Cyberattack',
'type': ['Cyberwarfare', 'Nation-State Attack', 'Unauthorized Access'],
'vulnerability_exploited': ['Unpatched Cisco ASA device (last patched in '
'2024)']}