FBI Confirms Major Cyber Incident Linked to Chinese Hackers The FBI recently notified Congress of a significant cyber intrusion under the Federal Information Security Modernization Act (FISMA), marking a rare declaration of a "major incident" involving its own systems. The breach, attributed to sophisticated hackers likely backed by China, compromised sensitive data, including legal surveillance returns such as pen register and trap-and-trace records and personally identifiable information tied to FBI investigations. The attack exploited a commercial internet service provider’s vendor infrastructure, demonstrating advanced tactics. While the exact trigger for the FISMA designation remains unclear, such incidents typically involve the exfiltration of data posing acute risks to national security, foreign relations, or public confidence. Former FBI cyber division official Cynthia Kaiser noted that the bureau has not reported a major incident of this scale since at least 2020, underscoring the severity of the breach. Pen register and trap-and-trace tools, which track call and internet activity without capturing content, are highly valuable to foreign intelligence services, as they could reveal FBI surveillance targets. The incident appears unrelated to a recent Iranian-linked compromise of FBI Director Kash Patel’s emails but aligns with China’s escalating cyber operations against U.S. national security systems. Sen. Mark Warner (D-Va.), chair of the Senate Intelligence Committee, described the breach as a stark reminder of China’s growing cyber aggression. Under FISMA, the declaration should trigger an interagency response, though it remains unclear whether containment efforts have been successful. The White House convened a meeting in early March with officials from the FBI, NSA, and CISA to address the breach. Chinese hackers have increasingly targeted commercial communications providers as entry points into federal networks, with recent campaigns such as those by groups like Volt Typhoon and Salt Typhoon compromising critical infrastructure and telecommunications providers, including the theft of call records and FBI wiretap data. While U.S. officials believe the FBI acted swiftly to mitigate the incident, the breach highlights persistent vulnerabilities in even the most secure systems. The attack serves as a reminder of the relentless threat posed by state-backed cyber adversaries.