Congressional Budget Office Under Sustained Cyberattack
- 17GEN4

November 15, 2025 | 1:27 PM CST
WASHINGTON — The Congressional Budget Office (CBO), the nonpartisan agency responsible for scoring legislation and forecasting federal spending, remains under an active and sophisticated cyberattack nine days after the breach was first disclosed, multiple sources confirmed to reporters on Saturday.
U.S. officials now believe the intrusion—initially detected on November 6—was carried out by a foreign state actor, with strong indicators pointing to a Chinese government-linked hacking group. The attack exploited an unpatched vulnerability in a Cisco ASA firewall, a flaw first identified in 2024 but left unaddressed amid the ongoing federal government shutdown, now in its 37th day.
“The breach is ongoing,” a senior congressional aide told this outlet on condition of anonymity. “They’re still inside the network. We’re seeing persistent attempts to move laterally and exfiltrate data.”
The CBO, which employs roughly 260 economists and analysts, produces cost estimates for every major bill before Congress. Its internal communications, draft reports, and economic models are considered high-value intelligence targets for foreign adversaries seeking insight into U.S. legislative priorities, trade strategy, and fiscal policy.
Breach Timeline
November 6: CBO confirms “unauthorized access” to its network. Affected systems are isolated.
November 7: Senate Sergeant at Arms warns staff: “Do not open emails or click links from CBO addresses.”
November 10: House Budget Committee Chairman Jodey Arrington (R-TX) calls the incident “a complex attack by a foreign actor.”
November 13: Forensic analysis reveals exfiltration of unclassified but sensitive financial research and internal policy deliberations.
November 15: Attack remains active. No full containment achieved.
Attribution and Motive
Cybersecurity analysts tracking the intrusion have linked it to tactics, techniques, and procedures (TTPs) associated with APT41, a Chinese state-sponsored group previously tied to attacks on U.S. law firms, think tanks, and financial institutions.
“This isn’t ransomware. This is espionage,” said a CISA official speaking off the record. “They’re after the data that shapes U.S. policy—budget baselines, deficit projections, trade impact analyses.”
China’s embassy in Washington issued a denial Saturday morning. “The Chinese government opposes and strictly combats all forms of cyberattacks,” spokesperson Liu Pengyu said in a statement. “Baseless accusations without evidence are irresponsible.”
Shutdown Compounds Crisis
The federal shutdown—triggered by a standoff over border security funding and debt ceiling reforms—has furloughed approximately two-thirds of the Cybersecurity and Infrastructure Security Agency (CISA) workforce, severely limiting real-time response capabilities.
“CISA is operating with a skeleton crew,” said Rep. Andrew Garbarino (R-NY), chair of the House Homeland Security Subcommittee on Cybersecurity. “We’re fighting a 21st-century threat with 20th-century resources.”
Congressional Response
Lawmakers from both parties have called for emergency cybersecurity funding and a rapid patching initiative across federal agencies. Senate Majority Leader John Thune (R-SD) said Saturday he is “working with leadership to ensure CBO regains full operational security before the next continuing resolution deadline.”
Meanwhile, staffers on Capitol Hill have been instructed to route all CBO-related communications through secure alternative channels.
What Was Compromised?
While no classified systems were breached, sources confirm the following were accessed:
Draft economic forecasts
Internal emails between CBO analysts and congressional committee staff
Preliminary cost estimates for upcoming infrastructure and defense bills
Sensitive modeling data on Social Security and Medicare solvency
Expert Warning
“This is a wake-up call,” said Dr. Emily Harding, director of cybersecurity at the Center for Strategic and International Studies. “If the Budget Office can be penetrated this deeply during a shutdown, no agency is safe.”
The CBO has not announced a timeline for full system restoration. In a brief statement Saturday, the agency said it is “working around the clock with federal partners to mitigate the incident and strengthen defenses.”
As Congress prepares to return from recess next week, the cyberattack has cast a shadow over already tense budget negotiations—and raised urgent questions about the cost of political gridlock in an era of relentless digital threats.
17GEN4.com

