In a significant security breach, the Chinese state-sponsored hacking group known as Salt Typhoon infiltrated a U.S. Army National Guard network, remaining undetected for nine months in 2024. The hackers reportedly stole critical network configuration files and administrator credentials, raising concerns over potential vulnerabilities across other government networks.
According to a memo from the Department of Homeland Security, first reported by NBC, the breach occurred from March to December of 2024. During this time, Salt Typhoon extracted sensitive information that could facilitate further hacks into U.S. government and critical infrastructure systems. The memo detailed that the group collected network diagrams and data traffic from other U.S. states and territories.
Salt Typhoon has gained notoriety in recent years for its cyberattacks targeting telecommunications and broadband providers. Notable companies attacked include AT&T, Verizon, and Viasat. Previous attacks have aimed to access sensitive call logs and private communications linked to U.S. law enforcement wiretap systems, demonstrating the strategic implications of such intrusions.
The DHS memo also outlined potential avenues of infiltration, highlighting known vulnerabilities in networking devices that the group exploited in earlier attacks. Specifically, the hackers leveraged flaws such as CVE-2018-0171, a critical flaw in Cisco systems allowing remote code execution, and CVE-2023-20198, a zero-day vulnerability enabling unauthorized device access.
The National Guard Bureau confirmed the breach but maintained that no federal or state missions were disrupted. Meanwhile, the Chinese embassy in Washington refrained from denying the allegations but criticized the lack of “conclusive and reliable evidence” linking the group to the Chinese government. These events underscore the ongoing cybersecurity risks faced by U.S. government entities in light of geopolitical tensions.