U.S. investigators believe hackers affiliated with the Chinese government are responsible for a cyber intrusion on an internal Federal Bureau of Investigation computer network that holds information related to some domestic surveillance orders, according to people familiar with the matter.
The scope and severity of the intrusion aren’t known, and the investigation is in its early stages, the people said. Any preliminary conclusions could change as investigators gather more information.
If China is confirmed to be responsible for the breach, it would signal the latest intrusion by Beijing’s hackers of computer systems related to law-enforcement surveillance orders, which contain highly sensitive material.
A notification sent in recent days to some lawmakers in Congress said the FBI began investigating the matter last month, the people said. The intrusion involved hackers accessing an unclassified system that contains information about the calls and internet activity of criminal suspects and others under government surveillance. Information in the system includes incoming and outgoing calls, IP and website addresses and some routing information, but doesn’t include the contents of calls or digital communication.
“The FBI identified and addressed suspicious activities on FBI networks, and we have leveraged all technical capabilities to respond,” the bureau said in a statement. “We have nothing additional to provide.”
The Chinese Embassy in Washington didn’t immediately respond to a request for comment. China has historically denied Western accusations of hacks on government and business networks and accused the U.S. of being an aggressor in cyberspace.
CNN earlier reported Thursday that the FBI was investigating an intrusion into its internal systems.
The Wall Street Journal reported in 2024 that Chinese hackers—dubbed Salt Typhoon by cybersecurity researchers—had accessed information from systems the federal government uses for court-authorized network wiretapping requests as part of a sprawling compromise of America’s telecommunications providers.
It wasn’t clear if Salt Typhoon, a group the U.S. later said was linked to Chinese intelligence, was responsible for this latest breach or if it was the handiwork of another actor. The Chinese government is known to work with a large quantity of private contractors that are tasked with carrying out various hacking missions for China’s spy agencies.
The FBI has continued to investigate the Salt Typhoon intrusion, which current and former intelligence officials have described as one of the worst U.S. intelligence failures on record. It allowed Chinese spies to access vast quantities of U.S. customer call data, the unencrypted private calls and texts of at least scores of high-value individuals, including President Trump, and sensitive law-enforcement information and technical network information that could inform future attacks, the Journal previously reported .
The Salt Typhoon campaign dates back to at least 2019, but took U.S. authorities about five years to uncover. Officials later determined the Chinese espionage group had targeted over 80 countries.
While some affected telecommunications firms and U.S. officials have said the episode was remediated, others have said vulnerabilities hadn’t been fully fixed and that the threat remained.
“I believe they are still inside,” Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee and a former telecommunications executive, told reporters during a briefing in December.
Write to Dustin Volz at dustin.volz@wsj.com
