November 13, 2025 | Policy Brief

Using Shutdown as Cover, Suspected Chinese Hackers Target the Congressional Budget Office

While President Donald Trump raved about his meeting with Chinese paramount leader Xi Jinping in South Korea on October 30, it was business as usual for Beijing, which kept targeting Washington’s secrets and security in cyberspace. On November 7, the Congressional Budget Office (CBO) publicly confirmed that it had suffered a cybersecurity breach, with subsequent media reporting that Chinese state-backed hackers were suspected of conducting the attack.

The investigation, which remains ongoing, highlights China’s persistent campaign against U.S. federal agencies even as Washington has regressed in its efforts to strengthen its cyber defenses.

Hack May Have Exposed Sensitive Data on Government Operations

While the investigation remains ongoing, initial reporting suggests hackers may have infiltrated CBO’s network by exploiting an outdated Cisco firewall that had not been patched since 2024. This issue may also have been exacerbated by the government shutdown, as cybersecurity personnel were unable to perform key maintenance and patch management tasks needed to protect federal systems.

The CBO is a high-value target for foreign adversaries, given its role in producing both public and proprietary budgetary analysis, cost estimates, and economic assessments for Congress and acting as a repository for other federal data. Its system also handles sensitive communications between CBO analysts and lawmakers. The timing of the intrusion — shortly after a meeting between Trump and Xi — suggests a potential intelligence-gathering motive consistent with Beijing’s practice of leveraging cyber operations around high-level diplomatic engagements.

Implementation Failures Leave the Federal Enterprise Exposed

China has routinely sought access to U.S. federal networks for espionage and strategic advantage, though the tempo and sophistication of these operations have increased in recent years. Within the past year, Chinese hackers have penetrated the Treasury Department, the National Nuclear Security Administration, and the Department of Homeland Security, as well as networks housed within the Pentagon. These incidents reveal systemic weaknesses across the federal government that adversaries continue to exploit.

Yet the federal response has not kept pace. While the Biden administration issued Executive Order 14028, “Improving the Nation’s Cybersecurity,” in May 2021 to strengthen federal defenses and software supply-chain security, its effect on federal contracting remains uneven. Despite the order directing agencies to adopt zero-trust mandates and requiring the Federal Acquisition Regulatory Council to establish software procurement standards, those rules have yet to be finalized, leaving contractors subject to outdated security baselines and inconsistent compliance requirements. These challenges have also been complicated by Congress’s efforts to coordinate with, and receive assistance from, the executive branch agencies responsible for responding to cybersecurity breaches, primarily the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).

Congress Should Mandate Stronger Cybersecurity Protections

The breach at CBO highlights that cyber threats are outpacing the policies meant to protect U.S. federal networks, underscoring the need for sustained coordination and resourcing across the federal enterprise. Executive Order 14028 offered a blueprint for securing federal networks and supply chains, yet many of its directives remain unfulfilled.

Congress should also reform its procurement standards so that all vendors meet rigorous cybersecurity baselines and maintain the capacity to rapidly patch and update vulnerable systems. In parallel, appropriators should invest in programs to rebuild a well-trained, well-resourced cybersecurity workforce capable of defending critical government systems from foreign intrusion. This should start with sustained investment in CISA and workforce development programs to cultivate the next generation of cyber talent.

Jack Burnham is a research analyst in the China Program at the Foundation for Defense of Democracies (FDD). Jiwon Ma is a senior policy analyst at the Center on Cyber and Technology Innovation (CCTI) at FDD. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.

Issues:

China Cyber

Topics:

Washington, China, Donald Trump, Joe Biden, United States Congress, United States Department of the Treasury, Beijing, South Korea, Federal Bureau of Investigation, Xi Jinping, U.S. Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, Jack Burnham