A major cyberespionage campaign by Chinese hacking group Salt Typhoon infiltrated a US state’s Army National Guard network, compromising data across the country. According to a Department of Homeland Security (DHS) memo, the attackers had persistent access from March to December 2024, raising alarm among cybersecurity officials.
Hackers Extracted National Guard Data Across States
The internal DHS memo, obtained by nonprofit Property of the People, described the intrusion as extensive. Salt Typhoon exfiltrated data traffic and maps from the compromised state’s National Guard network. Even more concerning, the stolen data included information exchanged with networks in every other US state and at least four US territories.
This kind of breach is not just a localized issue. The memo warned that it could significantly weaken the nation’s ability to defend critical infrastructure at the state and local levels. Many National Guard units are closely integrated with state fusion centers, which are tasked with sharing cyber threat intelligence.
Salt Typhoon Poses Broader Threat to US Infrastructure
US officials have long viewed Salt Typhoon as a top-tier cyber threat. More than just gathering intelligence, the group appears to be prepositioning itself to disrupt or paralyze US critical systems if a conflict with China arises. This strategy could allow China to undermine US response capabilities during a crisis.
Although the hackers’ identity remains officially unconfirmed, US intelligence strongly attributes the attack to Salt Typhoon, a group with known ties to China. Beijing continues to deny involvement in any cyber intrusions against the US.
Pentagon Involvement and Lack of Public Response
The DHS memo reportedly draws from Pentagon reporting. Neither the Department of Homeland Security nor the affected National Guard unit provided public comment at the time of reporting. The breach was first covered by NBC News, though many details remain classified.
The memo notes that the scale of the compromise—spanning months and touching nearly every state—makes this one of the most alarming state-level breaches in recent history. It also reinforces the vulnerability of state-based cyber defenses, especially when military systems overlap with civilian threat-sharing infrastructure.
Conclusion
The Salt Typhoon National Guard hack underscores the growing sophistication and reach of Chinese-linked cyberespionage groups. By targeting state-level military networks, these hackers not only collect intelligence but also erode national cybersecurity from the inside out. The breach leaves open critical questions about preparedness, response, and the protection of US infrastructure in the digital age.
0 responses to “Salt Typhoon National Guard Hack Compromised US State Networks in 2024”