The attack on the CBO is the latest in a series of cyber incidents that have targeted government agencies over the past year.

In December 2024, the U.S. Treasury Department confirmed a breach through the third-party remote support platform, BeyondTrust.

The Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments for national security risks, was also breached by the same attackers.

The attacks were attributed to the Chinese state-sponsored Advanced Persistent Threat (APT) group known as Silk Typhoon.

Silk Typhoon became widely known in early 2021 after exploiting the ProxyLogonzero-day flaws impacting Microsoft Exchange Server, compromising an estimated 68,500 servers before security patches were released.