Hackers have compromised the US Library of Congress’ emails and gained access to internal communications for nine months.
It’s not often that hackers go after the Library of Congress, although it is a federal institution in the United States. There are two possible scenarios for the attack. Either the hackers didn’t know beforehand where they were breaking into, or they knew full well and likely believed they could move laterally to other infrastructure.
The Library of Congress has notified lawmakers regarding the cybersecurity incident, saying that an unknown adversary has compromised its IT systems. The hackers intercepted a number of emails between congressional offices and the library staff, according to an AP report.
“An adversary accessed email communications between congressional offices and some Library staff, including the Congressional Research Service, compromising the information contained in those emails during the timeframe of January to September 2024,” reads the notification sent by Library of Congress for some affected parties, as reported on X by Chad Pergram, Senior Congressional Correspondent for Fox News.
“The Library has mitigated the vulnerability that the adversary used to access the environment and has taken measures to prevent such incidents in the future. The matter has also been referred to law enforcement.”
The Library is keen on mentioning is that the House and Senate networks, including individual House and Senate email accounts, were not compromised in any way, and neither were the US Copyright Office systems.
It’s still unclear what exact emails were intercepted by hackers, and an investigation by law enforcement is currently underway.
What makes the Library of Congress a valid target is its closeness with the United States Congress, which is also why the authorities explicitly said that the House and Senate networks were not impacted by the attack.