Chinese hackers targeted email systems of US congressional staff, people familiar say

Douglas Rissing/Getty Images

Featured eBooks
CDM
Read Now

Future-Ready Workforce

Read Now

Health Tech

Read Now
Insights & Reports
Value Ripples Outward: How agentic AI transforms government permitting for greater efficiency and impact
Presented By Google Public Sector
Download Now
Defending government cloud against advancing threats
Presented By CrowdStrike
Download Now
David DiMolfetta By David DiMolfetta,
Cybersecurity Reporter, Nextgov/FCW

By David DiMolfetta

|

The incident adds another chapter in a storied history of China’s cyber attempts to nab sensitive data from U.S. government systems.

Chinese hackers targeted the email inboxes of staff working in several House of Representatives committees, according to two people with knowledge of the matter.

The people declined to disclose details of specific committees affected because an investigation into the intrusions is early and ongoing. They requested anonymity because they were not authorized to speak publicly about the matter. 

The Financial Times first reported details of the hacking attempts and said committees including foreign affairs, intelligence and armed services were impacted. FT said Salt Typhoon, a Chinese state-aligned hacking group that gained infamy in 2024 for its hacks into telecom systems around the world, was responsible for the House breaches. 

Nextgov/FCW could not independently confirm whether Salt Typhoon carried out the intrusions. China manages a swath of state-backed hacking collectives that have sought to access U.S. government systems, as well as organizations that have knowledge of U.S. government and legal affairs.

It’s also not clear who was targeted and whether their emails were successfully exfiltrated.

Congressional communications are a frequent target of foreign hackers because they can provide an unauthorized preview into legislative planning. 

Last year, the Congressional Budget Office, Capitol Hill’s nonpartisan accounting service that delivers financial assessments for legislation, was accessed in an intrusion potentially tied to a foreign hacker group. 

In late 2024, a foreign adversary also accessed the contents of email communications between congressional legislative staffers and staff in the Library of Congress’s Congressional Research Service.

China has regularly denied involvement in U.S. cyber intrusions.

“China opposes and fights all forms of hacking in accordance with the law. We do not encourage, support or connive at cyber attacks,” Chinese embassy spokesperson Liu Pengyu said in a statement when asked about the incident.

This story is breaking and may be updated. 

NEXT STORY: EEOC experienced security incident involving contractor’s ‘unauthorized’ access, email says