Hackers Compromise Intelligence Website Used by CIA and Other Agencies

Unidentified hackers have successfully breached a critical intelligence website used by the CIA and other U.S. agencies to manage sensitive government contracts, according to the National Reconnaissance Office (NRO), the spy satellite service that operates the compromised platform.

The cyberattack targeted the Acquisition Research Center (ARC) website, an unclassified portal that serves as the primary access point for private companies seeking to do business with America’s intelligence community.

The breach compromised proprietary intellectual property and personal information submitted by vendors supporting several innovative CIA spying programs, including the highly classified Digital Hammer initiative.

Sources familiar with the investigation confirmed that data from Digital Hammer, one of the CIA’s most sensitive technology development programs, was among the information accessed by the hackers.

Digital Hammer compiles cutting-edge technologies for human intelligence gathering, surveillance, and counterintelligence operations, with a particular focus on countering Chinese intelligence and information operations.

The program develops sophisticated capabilities, including open-source intelligence platforms, miniaturized sensors, hidden surveillance tools, acoustic and communications systems, and artificial intelligence-powered data collection and analysis tools.

According to CIA Deputy Director of Acquisition Management Lori Ann Duvall-Jones, Digital Hammer serves as a contracting vehicle that allows vendors to present innovative offerings “within a CIA space.”

The extent of the breach remains under investigation by federal law enforcement, but intelligence sources indicate the hackers likely obtained information on key technologies crucial to CIA operations.

Other potentially compromised areas include Space Force surveillance satellite programs, space-based weapons development, and the Golden Dome missile defense program.

The ARC website serves as the intelligence community’s primary interface for market research, identifying business solutions, and communicating with industry partners.

Companies register through the system to explain their core competencies and access solicitations, capabilities briefings, and collaboration opportunities.

Intelligence Website Compromised

The intelligence website compromise comes amid a broader pattern of Chinese state-sponsored cyberattacks targeting critical U.S. infrastructure.

Microsoft revealed this week that Chinese hackers successfully penetrated the Department of Energy’s National Nuclear Security Administration (NNSA), the federal agency responsible for maintaining America’s nuclear weapons stockpile.

The NNSA breach, which occurred on July 18, exploited zero-day vulnerabilities in Microsoft SharePoint servers. Three Chinese threat groups, Linen Typhoon, Violet Typhoon, and Storm-2603, were identified as the primary actors behind the SharePoint attacks, which ultimately compromised over 400 organizations and government agencies worldwide.

Linen Typhoon, active since 2012, specializes in stealing intellectual property from government, defense, and human rights organizations.

Violet Typhoon, operational since 2015, focuses on espionage campaigns targeting government personnel, NGOs, think tanks, and higher education institutions. Storm-2603 has been observed deploying ransomware using the same vulnerabilities.

L.J. Eads, a former Air Force intelligence officer and founder of Data Abyss, assessed that the ARC breach was not opportunistic but rather a sophisticated state-sponsored operation. “Given the sensitivity and exclusivity of the Digital Hammer program, this compromise almost certainly points to a state-sponsored actor, likely China,” Eads told The Washington Times.

“When proprietary innovations intended for CIA-backed programs are exfiltrated, it’s not just a vendor issue but a serious national security breach,” he emphasized.

The targeting of both the intelligence contracting website and the Nuclear Security Administration suggests a coordinated campaign to access America’s most sensitive defense capabilities.

The timing of these breaches is particularly concerning given recent warnings from NRO Director Christopher Scolese about escalating threats in the space domain.

During a security conference last summer, Scolese identified Russia and China as presenting distinct but equally serious challenges to U.S. space-based intelligence capabilities.

“Russia is pushing into more disruptive capabilities of space,” Scolese warned, noting Moscow’s development of space-based nuclear anti-satellite weapons.

However, he characterized China as presenting “a different threat” due to the country’s technological sophistication, economic strength, and comprehensive development of capabilities “across the spectrum of systems.”

The NRO director emphasized that while the United States currently maintains “the strongest capability” and “the best ISR [intelligence, surveillance, and reconnaissance],” China is “coming on strong” and represents an additional threat to American space operations.

An NRO spokesman confirmed the ongoing federal investigation but declined to provide additional details about the scope or impact of the breach.

“We can confirm that an incident involving our unclassified Acquisition Research Center website is currently being investigated by federal law enforcement,” the spokesman stated. “We do not comment on ongoing investigations.”

The agency has notified affected companies and is working to ensure that the full details of the compromise are identified while implementing appropriate countermeasures to prevent further losses.

While officials maintain that no classified information appears to have been compromised, the theft of proprietary intellectual property from defense contractors poses significant national security risks.

As federal investigators continue their work, the dual breaches of critical intelligence infrastructure highlight the sophisticated and persistent nature of foreign cyber threats targeting America’s most sensitive defense and intelligence capabilities.
