In a concerning development, Chinese-state hackers known as Salt Typhoon infiltrated a U.S. National Guard network from March 2024 through December 2024. This cyberespionage group is believed to have connections with the Chinese Ministry of State Security (MSS) and has conducted extensive campaigns against various U.S. targets. The breach involved considerable access to sensitive data, including military and law enforcement information related to the operations of the National Guard across multiple states.
The breach’s duration allowed the hackers to compromise systems over approximately nine months, dramatically affecting at least one unidentified U.S. state’s Army National Guard network. In addition to the specific state’s network, intrusions extended to critical data traffic and operational maps relevant to Army National Guard networks across all other U.S. states and at least four territories, indicating a wide-ranging impact. Sensitive military or law enforcement information was also compromised during the attack, which further heightens the risks to national security.
These networks are integrated with state fusion centers designed to share information regarding cyber threats. Salt Typhoon’s access to such critical information poses serious implications for U.S. national security and local cybersecurity efforts. The National Guard’s roles in disaster response and public safety operations were particularly vulnerable, leading to fears that the hackers might disrupt U.S. critical infrastructure in future conflicts. Additionally, the necessity of improving cybersecurity protocols was underscored by this incident, emphasizing the urgent need for enhanced protective measures.
In spite of this intrusion, the National Guard reportedly continued executing its missions without observable operational failures. Following the revelation of the breach, the Department of Defense and the Department of Homeland Security initiated investigations into the full extent and implications of the data theft, with the National Guard Bureau confirming the breach as they withheld specific details because of ongoing inquiries.
Insights surfaced from a DHS memo, obtained via a Freedom of Information Act request, providing information into the incident. The FBI is pursuing leads and has even placed a reward of up to $10 million for information relating to Salt Typhoon operatives, indicating the ongoing concern among U.S. authorities regarding this persistent cybersecurity threat.
