Cyber Incident Victim: US House of Representatives committees
Date:
Dec 2025
Location:
United States of America
Summary
A Chinese hacking group known as Salt Typhoon compromised email accounts of staff members serving on several US House committees, including those focused on China, foreign affairs, intelligence, and armed services. The intrusion was discovered by investigators, though it remains uncertain whether the attackers accessed the personal email accounts of any lawmakers. US officials, including the Federal Bureau of Investigation and the White House, have not provided public comment on the incident, while Chinese representatives denied involvement.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In December the intrusion was detected. FT reported on Wednesday citing people familiar. Chinese hacking group Salt Typhoon compromised email accounts of staff members of powerful House committees. Accessed email systems used by some staffers on the House China committee and aides on panels covering foreign affairs, intelligence, and the armed services. Specific staffers were not identified. It remained unclear whether lawmakers' emails were accessed. Reuters could not immediately verify the report. Chinese Embassy spokesman Liu Pengyu condemned accusations as unfounded speculation. The FBI declined to comment. The White House and offices of the four committees reportedly targeted did not respond to requests for comment.
Salt Typhoon hackers have long been a concern for the US intelligence community. They are alleged to work for Chinese intelligence. They have been accused of gathering data on Americans' telephone communications and intercepted conversations including those between prominent US politicians and government officials. In December 2024 a top US security agency confirmed that foreign actors state-sponsored by the PRC compromised systems and exposed vulnerabilities across at least eight US communications companies per an FCC factsheet. In August 2025 CISA released an advisory on countering Chinese state-sponsored hackers noting a recent breach of US telecommunications infrastructure by Chinese actors underscores the growing scope and sophistication of China's cyber capabilities. The 2025 Annual Threat Assessment by the Office of the Director of National Intelligence named China as the most active and persistent cyber threat to US government private-sector and critical infrastructure networks.
Despite actions taken to secure US networks a recent vote to roll back cybersecurity regulations raised concerns within the Senate. Senator Mark R. Warner Vice Chairman of the Senate Select Committee on Intelligence and co-founder of the Senate Cybersecurity Caucus warned in November that the Salt Typhoon intrusion demonstrated that existing voluntary measures alone were insufficient to prevent sophisticated state-sponsored actors from gaining long-term covert access to critical networks. He added that Congress the administration and the FCC should be moving toward greater transparency and stronger protections not less. Beijing has repeatedly denied being behind the spying.
The compromise of email accounts of congressional staff demonstrated that their email systems were vulnerable to intrusion. The lack of immediate verification and limited official responses left the extent of data exposure uncertain. The incident contributed to ongoing debate about the adequacy of voluntary cybersecurity measures for protecting sensitive government communications. The episode reinforced assessments of China's persistent cyber threat posture toward US institutions.