Chinese government-linked hackers have breached a network used by the Federal Bureau of Investigation to manage court-authorized surveillance operations. The intrusion, first detected on February 17, 2026, involved systems supporting the FBI’s Digital Collection System Network (DSCNet), infrastructure used to process wiretap and foreign intelligence surveillance requests. While the breach was initially handled quietly, the FBI informed Congress late last month, and details of the incident began circulating publicly in early March.

The attackers targeted a sensitive but technically unclassified segment of the network known as DCS-3000, commonly referred to as Red Hook. This system plays a critical role in managing pen register and trap-and-trace surveillance operations. These tools allow investigators to collect metadata such as dialed numbers, routing information, IP addresses, and other communication signaling data tied to active investigations

Although the system does not store the audio recordings or text content of intercepted communications, the data it holds remains highly sensitive. The compromised environment contained warrant information and the personally identifiable information of individuals under investigation, along with metadata used to map communication patterns during criminal and national security probes

The content of intercepted communications is handled separately through another system known as Digital Storm, which was not part of the compromised environment. Even so, the metadata housed within the targeted network provides investigators with the connective tissue needed to track communications and build cases. In many investigations, these records help establish relationships between suspects and identify networks of activity.

Investigators believe the attackers relied on careful operational security and infrastructure-level access rather than deploying conventional malware. Instead of launching a noisy intrusion directly against FBI systems, the hackers exploited the infrastructure of a commercial internet service provider connected to the surveillance network. By operating through a trusted vendor pathway, the attackers were able to blend malicious activity into legitimate network traffic and bypass internal security controls designed to detect unauthorized access.

This type of supply chain exploitation has become a common tactic among sophisticated state-sponsored threat groups. Rather than attacking government systems directly, adversaries increasingly target the surrounding ecosystem of vendors, contractors, and service providers that maintain connectivity to those environments

While the FBI has not publicly named a specific threat actor, U.S. authorities have attributed the operation to Chinese state-sponsored hackers. Security researchers and government officials suspect the involvement of Salt Typhoon, an advanced persistent threat group also known as APT41. The group has previously been linked to espionage campaigns targeting telecommunications infrastructure and government systems

Salt Typhoon drew significant attention in 2024 following a major breach of American telecommunications providers including AT&T and Verizon. That campaign allowed attackers to monitor communications tied to political campaigns and government officials, making it one of the most consequential espionage operations against U.S. telecom infrastructure in recent years

Democratic Senator Mark Warner, the ranking member of the Senate Intelligence Committee, has warned that the threat from Chinese cyber operators remains active and ongoing. Speaking about previous intrusions tied to the same group, Warner noted that investigators believe the hackers may still maintain footholds within certain systems.

The FBI has stated that it has identified and addressed suspicious activity associated with the breach and mobilized its technical response teams to investigate the incident. Officials have not confirmed whether any data was successfully exfiltrated from the compromised network

The post ​​How Chinese Hackers Reached America’s Surveillance Infrastructure appeared first on Centraleyes.

*** This is a Security Bloggers Network syndicated blog from Centraleyes authored by Rebecca Kappel. Read the original post at: https://www.centraleyes.com/how-chinese-hackers-reached-americas-surveillance-infrastructure/