The FBI is investigating suspicious cyber activity affecting an internal system used to manage court-authorized surveillance requests.
The bureau recently detected unusual activity on its internal networks and has begun investigating the scope and severity of the incident, according to a statement provided to CNN. Officials confirmed the activity has been addressed but declined to share technical details or specify whether any data was accessed.
A source familiar with the matter told CNN the suspicious activity involves a digital platform the FBI uses to manage wiretap requests and warrants under the Foreign Intelligence Surveillance Act (FISA). These systems are essential for national security and major criminal investigations, enabling the tracking and processing of court-approved surveillance orders.
The incident prompted a coordinated response from senior officials at the FBI and the US Department of Justice, including teams overseeing civil liberties and national security. Authorities are working to determine whether the activity was an attempted intrusion, a successful breach, or unauthorized internal access.
Investigators have not linked the suspicious activity to any specific threat actor. It is also unclear whether the incident is connected to previous large-scale cyber espionage campaigns targeting US communications infrastructure.
One such campaign, attributed to a Chinese state-sponsored group known as Salt Typhoon, infiltrated several US telecommunications providers in 2024. Attackers accessed systems used by telecom companies to fulfill lawful wiretap requests and government surveillance orders. Major carriers, including AT&T, Verizon, and Lumen Technologies, were reportedly affected, raising concerns that attackers may have accessed sensitive communications metadata or intercepted targeted conversations.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) later confirmed that Chinese-linked actors accessed call data records and communications related to individuals in political and government positions. Investigators also found evidence that attackers duplicated datasets tied to lawful surveillance requests.
The latest incident involves a separate FBI-operated system, not telecom providers. However, overlap in surveillance infrastructure has raised concerns that the same espionage actors may be targeting multiple layers of the US surveillance ecosystem.
The FBI reports it has contained the suspicious activity and continues to investigate to determine what occurred and whether any sensitive information was exposed.
Leave a Reply