In early November 2025, the US Congressional Budget Office (CBO) detected and confirmed a cyberattack by a suspected foreign actor. US officials briefed CNN that Chinese state-backed hackers are suspected. Security researcher Kevin Beaumont noted CBO had an outdated Cisco ASA firewall last patched in 2024, vulnerable to bugs being exploited by suspected PRC actors. CBO officials were concerned that hackers accessed internal emails, chat logs, and communications between lawmakers’ offices and CBO researchers. CBO confirmed the incident on November 6, stated immediate containment, and implemented additional security controls. The CBO was a high-value target as its data contains detailed economic projections, budget analyses, and policy impact assessments revealing US government legislative priorities.