‘Salt Typhoon’ Hackers from China Breached US National Guard Network for Nearly a Year

A sophisticated Chinese government-linked cyber espionage group, known as ‘Salt Typhoon,’ successfully compromised the Army National Guard network of a U.S. state for nearly a year, according to a Department of Homeland Security (DHS) memo citing Pentagon findings.

The intrusion, which spanned from March 2024 to December 2024, raises concerns about the breadth and sensitivity of information accessed by one of the most notorious threat actors in the People’s Republic of China’s cyber arsenal.

Authorities Probe Depth of Data Exposure

Salt Typhoon, previously implicated in major breaches of critical U.S. infrastructure, including at least eight of the nation’s largest telecommunications companies, has exhibited extraordinary proficiency in moving laterally within and across organizational networks.

The DHS memo, released to NBC News via the transparency nonprofit Property of the People, does not disclose the specific state affected, but confirms the extensive infiltration of its Army National Guard IT infrastructure.

According to the report, adversaries obtained detailed network diagrams, a geographic mapping of installations, and sensitive personal data pertaining to Guard members.

These details may have equipped the attackers to exploit further vulnerabilities in related state- and federal-level entities.

The National Guard Bureau confirmed the compromise but refrained from providing operational specifics, citing ongoing investigations.

A spokesperson emphasized that the breach has not hindered the National Guard’s execution of its federal or state missions, adding that the full scope of the intrusion remains under assessment.

Officials are reportedly working to determine the extent of data exfiltrated and to what degree it may have exposed law enforcement or military intelligence relevant to state or federal operations.

Of additional concern are National Guard linkages with local law enforcement “fusion centers,” intelligence-sharing hubs present in 14 states, which potentially allowed lateral movement into broader state-level cybersecurity or law enforcement networks.

According to the DHS memo, the infiltration “likely provided Beijing with data that could facilitate the hacking of other states’ Army National Guard units, and possibly many of their state-level cybersecurity partners.”

Advanced Lateral Movement Techniques

Salt Typhoon has demonstrated an ability to maintain persistent access in highly sensitive environments.

In previous incidents, the group leveraged access to major telecommunications carriers such as AT&T and Verizon, enabling surveillance of calls and text messages tied to political campaigns, specifically those of Vice President Harris, former President Trump, and then-Senate Majority Leader Chuck Schumer.

Cybersecurity firm Cisco has documented cases where Salt Typhoon maintained stealthy access for up to three years before detection or eviction.

The Department of Defense has not commented on the breach, and a Chinese Embassy spokesperson in Washington neither confirmed nor denied the campaign, calling on the U.S. for “conclusive and reliable evidence” linking Salt Typhoon’s activity to the Chinese government.

With the U.S. Treasury Department having sanctioned a Sichuan-based company in January 2025 for allegedly supporting Salt Typhoon operations on behalf of China’s Ministry of State Security, concerns are mounting over Beijing’s capacity to leverage strategic cyberattacks against government, defense, and private sector targets.

While telecommunications companies have publicized their efforts to contain previous Salt Typhoon intrusions, none have definitively asserted eradication of the threat.

Cybersecurity experts warn that such advanced persistent threats are uniquely difficult to fully remediate due to their ability to escalate privileges, pivot across network segments, and covertly remain embedded within complex systems for extended periods.

As federal and state authorities continue to dissect the National Guard breach, the incident underscores the persistent and evolving threat posed by Beijing-backed cyber operatives and the importance of sustained vigilance and robust cybersecurity across the U.S. defense and critical infrastructure landscape.

Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.