US National Guard Network Hacked by Chinese Cyberespionage Group Salt Typhoon in 2024

The US National Guard network of an unnamed state was extensively hacked by the Chinese cyberespionage group "Salt Typhoon" between March and December 2024, according to a Department of Homeland Security memo. The hackers compromised the network, exfiltrating maps and data traffic with counterparts' networks in every other US state and four US territories. The memo warns that this could undermine local cybersecurity efforts to protect critical infrastructure.

The U.S. National Guard network of an unnamed state was extensively hacked by the Chinese cyberespionage group "Salt Typhoon" between March and December 2024, according to a Department of Homeland Security memo. The hackers compromised the network, exfiltrating maps and data traffic with counterparts' networks in every other US state and four US territories. The memo warns that this could undermine local cybersecurity efforts to protect critical infrastructure.

The National Guard Bureau spokesperson confirmed the compromise but declined to share specific details. The Department of Defense did not respond to a request for comment. A spokesperson for China’s embassy in Washington did not deny the campaign but stated that the U.S. has failed to prove China is behind the Salt Typhoon hacks.

The Salt Typhoon group is notorious for its ability to jump from one organization to another. Last year, U.S. authorities found that it had hacked at least eight of the country's largest internet and phone companies, including AT&T and Verizon, using access to spy on the calls and text messages of both the Harris and Trump presidential campaigns, as well as the office of then-Senate Majority Leader Chuck Schumer.

The hack "likely provided Beijing with data that could facilitate the hacking of other states’ Army National Guard units, and possibly many of their state-level cybersecurity partners," the DHS report found. The National Guard in 14 U.S. states work with law enforcement "fusion centers" to share intelligence, the DHS memo notes. The hackers accessed a map of geographic locations in the targeted state, diagrams of how internal networks are set up, and personal information of service members, it said.

In January, the Treasury Department — also a recent target of alleged Chinese hacking — sanctioned a Sichuan company for allegedly helping Beijing’s Ministry of State Security conduct Salt Typhoon operations.

Salt Typhoon can be pernicious and hard to root out once the hackers take hold. In the AT&T case, the company announced in December that it appeared as if they were no longer being affected and Verizon said in January it had “contained” the incident. Both companies stopped short of saying they were fully protected from the hackers returning. A report from Cisco said that, in at least one instance, Salt Typhoon hackers remained in an affected environment for up to three years.

References:
[1] https://www.nbcnews.com/tech/security/national-guard-was-hacked-chinas-salt-typhoon-group-dhs-says-rcna218648
[2] https://www.marketscreener.com/news/latest/US-National-Guard-unit-was-extensively-hacked-by-Salt-Typhoon-in-2024-memo-says-50518150/
[3] https://www.aol.com/national-guard-hacked-chinese-salt-190641393.html