Investigators believe a recent attack on a key FBI system may not have been random. There are growing concerns that a foreign government could be involved.

On February 17, the FBI noticed unusual network activity linked to its Digital Collection System Network. This system stores highly sensitive information, including data from court-approved wiretaps, pen registers, and FISA warrants. It also contains personal information about people currently under FBI investigation.

The FBI says it has “identified and addressed” the suspicious activity. However, it has not shared many details. It is still unclear whether the incident involved ransomware, espionage by a foreign government, or another type of cyberattack.

Because of the seriousness of the breach, the White House, the Department of Homeland Security (DHS), and the National Security Agency (NSA) are now part of the investigation. Their involvement suggests the incident may be significant.

Reports say the attackers did not break directly into FBI systems. Instead, they entered through a vendor’s internet service provider (ISP). By targeting this part of the supply chain, the hackers were able to bypass the FBI’s direct security defenses.

According to reports from The Wall Street Journal, U.S. investigators suspect the attackers may be linked to the Chinese government.

If true, it would not be the first time Chinese state-connected hackers used a telecommunications system to reach a target. In 2024, a group known as Salt Typhoon attacked major telecom companies like AT&T and Verizon. That campaign exposed call records and private communications of political figures and people connected to government activities. It also targeted law enforcement systems.

Other government systems have faced similar attacks. In 2023, ransomware hackers breached the U.S. Marshals Service and stole employee information, legal files, and administrative data. Last year, Russian hackers also targeted federal courts, forcing officials to rush to protect sensitive case files that could reveal confidential informants.

These incidents show a growing pattern. Nation-state hackers appear to be collecting intelligence by targeting government systems. Law enforcement networks are especially attractive because they hold large amounts of sensitive information. The latest breach suggests these attacks are becoming more advanced.

The Digital Collection System Network contains detailed surveillance data. This includes wiretap records and “pen register” information, which shows metadata such as which phone numbers a monitored line called and which numbers called it.

Lawmakers have raised concerns about telecom security. In December 2024, Senator Ron Wyden proposed a bill to strengthen protections for U.S. phone networks.

Back in 1994, Congress passed a law allowing government access to telecom systems for lawful surveillance. That law also allowed the Federal Communications Commission (FCC) to require telecom companies to secure their networks against unauthorized access. According to Wyden, those security rules were never fully enforced.

While introducing the Secure American Communications Act, Wyden warned that foreign hackers would eventually exploit weak protections if telecom companies were allowed to create their own cybersecurity standards.

The proposal did not move forward.

The February breach now raises serious questions. If attackers can reach the FBI’s wiretapping systems through a vendor’s ISP, other sensitive systems might also be at risk.

So far, the FBI says only that it detected and handled the suspicious activity. Few other details have been shared. What is clear is that federal law enforcement systems are facing ongoing and increasingly complex cyber threats.