White House assisting probe of ‘sophisticated’ hack into FBI surveillance system


The FBI — which first detected suspicious activity on Feb. 17, according to the notice — did not indicate who was responsible for the possible breach but said the hackers’ techniques “appear sophisticated.”

The details the FBI shared with Congress and the White House’s outreach to the NSA and CISA suggest the incident could be a significant cybersecurity and counterintelligence concern for the Trump administration.

“The affected system is unclassified and contains law enforcement sensitive information, including returns from legal process, such as pen register and trap and trace surveillance returns, and personally identifiable information pertaining to subjects of FBI investigations,” reads the notice, which was sent to the Hill on Wednesday.

Pen register and trap and trace devices are used by law enforcement to monitor call metadata to or from a target’s phone. While they do not record the content of those calls, the information captured is valuable to foreign intelligence services or organized criminal groups because it could reveal the targets of FBI surveillance and possible criminal probes.

The FBI said in its notice to Congress that one sign of the group’s advanced skills was how it broke through the FBI’s security controls by “leveraging a commercial Internet Service Provider vendor’s infrastructure” to slip into the FBI’s network. Advanced hacking groups from China and Russia have historically used footholds inside tech providers’ networks to leapfrog into well-defended targets, such as federal agencies.

The White House declined to comment on the specifics of this incident or a possible meeting with the NSA, CISA and FBI about it.

The FBI confirmed in a statement to POLITICO it had identified “suspicious” cyber activities on its network and is leveraging “all technical capabilities to respond.”

It’s unclear what other sensitive law enforcement data — such as communications content related to lawful wiretaps of criminal and foreign intelligence subjects — may have been compromised. The notice said the bureau is still working to assess the “scope and impact of the incident.”

A spokesperson for CISA declined to comment on how it is helping respond to the incident, deferring comment to the FBI. A spokesperson for the NSA did not respond to a request for comment.

CNN first reported the FBI was investigating “suspicious” cyber activity. AP News first reported on the Congressional notice.

The incident would be the second major hack to expose sensitive law enforcement data since President Donald Trump returned to office.

POLITICO first reported this summer on an extensive digital compromise of the federal judiciary’s online case management system, which officials feared had exposed information related to ongoing criminal investigations into Russian government hackers and Latin American drug cartels.

The incident also bears some resemblance to the sweeping campaign carried out against global telecommunications systems in 2024 by Chinese state hacking group Salt Typhoon — the extent of which is still not fully understood by U.S. officials.

Democratic lawmakers, former members of the Biden administration and even some FBI officials have repeatedly warned that the telecommunications providers breached in the 2024 hack never managed to fully evict Salt Typhoon.

News of the breach of U.S. telecommunications systems by the Salt Typhoon hackers was first reported in September 2024. The hacking group stole call records on millions of Americans and siphoned off messaging data from the phones of President Donald Trump, Vice President JD Vance and senior Hill staffers. It also accessed wiretap data from U.S. telecommunications providers, U.S. officials confirmed.

On Feb. 19, two days after the FBI said it first detected suspicious cyber activity in its networks, the deputy assistant director for cyber intelligence at the FBI told a cybersecurity conference that the threats from Salt Typhoon and other Chinese espionage groups are “still very, very much ongoing.”


