Chinese Salt Typhoon APT breached National Guard network for nearly a year

The Chinese cyber-espionage group Salt Typhoon infiltrated the internal network of a US state’s Army National Guard for nearly a year, according to a Department of Homeland Security (DHS) memo obtained by NBC News.

The memo, based on findings from the Department of Defense (DoD), says the hackers “extensively compromised” the National Guard’s systems between March and December 2024. While the memo did not identify the affected state, it warned that the group may have gained access to sensitive military, law enforcement, and intelligence-sharing data.

A spokesperson for the National Guard Bureau confirmed the breach but offered few details, noting that the attack has not prevented the National Guard from accomplishing assigned state or federal missions.

Salt Typhoon has previously been linked to sweeping cyber-intrusions, including into major US telecom companies such as AT&T and Verizon. In 2023, US authorities discovered that the group used the breaches to spy on calls and texts associated with both the Biden and Trump presidential campaigns, as well as senior congressional offices.

In the case of the National Guard, which has a dual state-federal role, the hackers reportedly accessed internal network diagrams, maps of National Guard facilities, and personal information about service members.

A DHS analysis warned the compromise “likely provided Beijing with data that could facilitate the hacking of other states’ Army National Guard units, and possibly many of their state-level cybersecurity partners.” Fourteen states currently use Guard personnel to help operate “fusion centers” that share intelligence between federal, state, and local agencies.

Last week, Italian authorities apprehended Xu Zewei, a 33-year-old Chinese national suspected of involvement in a Silk Typhoon hacking campaign targeting US COVID-19 vaccine research. In the summer of 2020, the US Department of Justice indicted two Chinese nationals for allegedly participating in a decade-long effort to steal American trade secrets, including attempts to access COVID-19 research.
