First noticed in mid-February, a breach of FBI surveillance systems is being investigated by the FBI as well as the National Security Agency and the Cybersecurity and Infrastructure Security Agency. Investigators don’t yet know how compromising the hack is, but they believe that state-backed Chinese hackers are the culprits (CPO Magazine, March 11, 2026).
Inside sources have told media outlets that the investigation is in its early stages and the full severity and scope remain unknown….
[A notification to Congress] does not specify that the hackers had access to any surveillance target communications but does [indicate that they may have accessed] pen register and trap and trace surveillance returns (used to monitor call metadata)…. The personally identifiable information of some persons under investigation was present on the surveillance systems.
Even if it does not involve interception of communications, the breach of the surveillance systems is highly concerning as it could help foreign adversaries identify subjects under investigation. This essentially tells them which of their spies have been identified and potentially compromised.
The memo also contains some information about how the security breach occurred. It states that the hackers used sophisticated techniques and leveraged a commercial internet service provider vendor’s infrastructure to breach the surveillance systems, something both Chinese and Russian state-backed threat actors are notorious for doing. It is unclear at this point, however, which of the numerous Chinese hacking groups may have been involved, or whether there is any connection to the previous “Salt Typhoon” campaign of targeting US telcos to gain access to law enforcement wiretap systems.
CPO Magazine says that this breach is the second major one targeting federal law enforcement to occur during President Trump’s present term. The first, a cyberattack on an outdated case management system used by federal courts, occurred several months ago. That intrusion was attributed to hackers working for the Russian government who “not only accessed sensitive data, but attempted to alter court dockets for cases involving figures from Russia and other Eastern Europe nations.”
Steve Cobb of SecurityScorecard says that these attacks highlight “the persistent threat facing government systems. These environments often contain highly valuable intelligence and operational data, making them attractive targets for sophisticated cyber actors seeking long-term access or strategic insight.” He advises “continuous monitoring and real-time threat detection” so that agencies “can quickly identify unusual activity and respond before it escalates.”
The fact that the judicial system was using 1990s-era code has inspired congressional proposals to modernize. Good idea. Update outdated code. Also find a way to institute and enforce best security practices that cannot be confounded by bureaucratic inertia.