Chinese hackers were able to breach US National Guard and stay undetected for months

  • The Department of Homeland Security says Salt Typhoon accessed National Guard systems
  • Hackers were present between March and December 2024
  • The group stole vital intelligence and personally identifiable information

A Chinese state-sponsored threat actor known as Salt Typhoon was lurking in the network of the US Army National Guard for nine months, the US Government has confirmed.

TheDepartment of Homeland Security (DHS) said the attackers were present in the networks between March and December 2024.

During this time, the group stole sensitive data from its victims, including administrator credentials, network traffic diagrams, geographical maps, and personally identifiable information (PII) of service members. Furthermore, the attackers accessed data traffic between the state’s network and every other US state, and at least four additional territories. This means that they could have pivoted to other networks as well, compromising even more government and military targets.

Typhoon over America

It was not discussed how the breach happened, but DHS did say the group was known for exploiting existing vulnerabilities (CVEs) in Cisco’s routers and similar hardware.

Salt Typhoon is a known Chinese state-sponsored threat actor, part of the wider “typhoon” organization that includes groups such as Brass Typhoon, Volt Typhoon, and others.

These organizations were tasked with infiltrating different core organizations within the US, such as critical infrastructure organizations, communications firms, government, military, and defense organizations, and similar.

The goal of the campaign was to be present inside the networks should tensions between the US and China over Taiwan escalate into a full-blown war, giving it the ability to disrupt networks, and steal key intelligence.

Salt Typhoon is often in the media – with recent attacks against the likes of AT&T, Verizon, Lumen, Charter, Windstream, and Viasat, to name a few, often abusing unpatched Cisco routers to gain access, before deploying custom malware such as JumblePath and GhostSpider.

Via BleepingComputer

You might also like

Related Articles

Sem imagem Cloud sovereignty in Europe and beyond: a tipping point?
<div>These cheap new noise-cancelling headphones have the style of the Sonos Ace for a fraction of the price – but you can still get Sonos’ originals for an amazing discount right now, too!</div>
These cheap new noise-cancelling headphones have the style of the Sonos Ace for a fraction of the price – but you can still get Sonos’ originals for an amazing discount right now, too!
Sem imagem The HTML Maze
Sem imagem 800,000 users at risk after MAJOR hack at betting giants — IP addresses, email addresses, and online activity compromised

Request data export

Use this form to request a copy of your data on this website.

Request data removal

Use this form to request removal of your data from this website.

Request data rectification

Use this form to request the rectification of your data on this website. Here you can correct or update your data, for example.

Request unsubscribe

Use this form to request to unsubscribe your email from our email lists.