A cyber intrusion linked to a Chinese hacking group has reportedly compromised email systems used by staff members working for some of the most powerful committees in the U.S. House of Representatives, intensifying concerns about foreign surveillance of American political institutions.
The incident was first reported by the Financial Times, which cited people familiar with the matter. According to the report, the attackers gained access to email systems used by aides serving on committees responsible for overseeing China policy, foreign affairs, intelligence, and military operations. These panels routinely handle classified briefings and sensitive policy discussions, making them attractive targets for foreign intelligence collection.
The hacking group involved is known to cybersecurity researchers as Salt Typhoon, a name that has surfaced repeatedly in U.S. intelligence assessments tied to alleged Chinese cyberespionage activity.
Discovery of the Intrusion and What Remains Unknown
The reported intrusions were detected in December, but investigators are still working to determine the full scope of the breach. It remains unclear how long the attackers maintained access, what specific data may have been viewed or extracted, and whether any lawmakers’ own email accounts were compromised alongside those of staff members.
People familiar with the investigation told the Financial Times that the available evidence does not yet confirm whether elected members of Congress were directly affected. However, even access limited to staff communications could offer valuable insight into legislative strategy, internal deliberations, and U.S. national security priorities.
Reuters said it was unable to independently verify the Financial Times report, underscoring the sensitivity and evolving nature of the investigation.
Limited Official Responses From U.S. Authorities
Public responses from U.S. government agencies have so far been restrained. The Federal Bureau of Investigation declined to comment on the matter, and the White House did not immediately respond to requests for clarification.
Similarly, the House committees believed to have been impacted did not issue public statements following the report. The absence of immediate confirmation or denial reflects the classified nature of congressional cybersecurity incidents and the caution typically exercised while investigations are ongoing.
China Rejects Allegations of State-Backed Hacking
China swiftly denied the accusations. Liu Pengyu, a spokesperson for the Chinese Embassy in Washington, criticized the report as speculative and reiterated Beijing’s longstanding position that it opposes cyberattacks and rejects claims linking the Chinese government to hacking campaigns.
Chinese officials have consistently argued that allegations of state-sponsored cyberespionage are politically motivated and lack conclusive evidence. This response mirrors China’s reaction to previous U.S. intelligence findings and sanctions tied to alleged cyber operations.
Congress Remains a High-Value Intelligence Target
U.S. lawmakers and their aides have long been considered prime targets for foreign intelligence services. Congressional offices handle early drafts of legislation, internal assessments of foreign threats, and communications with senior defense and intelligence officials. Access to such information can provide adversaries with early warnings about policy shifts and strategic priorities.
Unlike executive branch agencies, Congress operates as a decentralized institution, with hundreds of offices managing their own communications and security practices. While cybersecurity protections have improved in recent years, experts have warned that this structure can still create exploitable gaps.
Over the years, multiple incidents have underscored the persistent interest foreign actors have shown in penetrating U.S. legislative systems.
A Pattern of Cyber Incidents Targeting Lawmakers
The latest report follows several recent cybersecurity incidents involving Congress. In November, the Senate Sergeant at Arms notified multiple Senate offices of a cyber incident in which hackers may have accessed communications between Senate staff and the nonpartisan Congressional Budget Office. That office provides lawmakers with critical financial data and cost estimates used in shaping legislation.
In another case, the Washington Post reported in 2023 that two senior U.S. lawmakers were among the targets of a hacking campaign linked to actors based in Vietnam. That disclosure reinforced concerns that congressional communications are routinely monitored by foreign entities seeking strategic advantage.
Salt Typhoon’s History Draws Scrutiny
Salt Typhoon has been a particular source of concern for U.S. intelligence agencies. The group is alleged by U.S. officials to be connected to Chinese intelligence services, although Beijing has repeatedly denied any association.
U.S. authorities have accused Salt Typhoon of participating in wide-ranging surveillance efforts, including the collection of data from telephone networks and the interception of conversations involving prominent political figures and government officials. Such activities, if confirmed, would represent one of the most expansive cyberespionage campaigns uncovered in recent years.
Sanctions Reflect Growing U.S. Pushback
In early 2024, the United States escalated its response by imposing sanctions on an alleged hacker, Yin Kecheng, and on Sichuan Juxinhe Network Technology, a Chinese cybersecurity company. U.S. officials accused both of involvement in Salt Typhoon’s operations.
The sanctions were intended to disrupt the group’s activities and signal Washington’s willingness to impose costs on individuals and firms accused of facilitating cyberespionage. China rejected the measures, maintaining that they were unjustified and based on unproven claims.
