Salt Typhoon Strikes Again: A 'Serious Escalation' in Cyber Attacks

In a disturbing turn of events, a prolific Chinese hacking unit known as Salt Typhoon has breached the National Guard networks of at least one U.S. state, posing a significant threat to Defense Department systems and marking an escalation from the group's earlier breaches of core telecom networks.

According to a Department of Homeland Security memo summarizing Pentagon findings, Salt Typhoon extensively compromised the network of a U.S. state's Army National Guard between March and December 2024. The breach allowed the group to collect sensitive information, including network configuration, data traffic, administrator credentials, and even personally identifiable information of service members.

This latest incident is a major escalation of Salt Typhoon's previous activities, which were first reported in September by The Wall Street Journal. Last year, the hacking unit was identified as part of a broader syndicate of state-backed groups tied to different military and intelligence arms of China's central government.

Experts warn that this breach is not just a localized incident but a serious threat to many Department of Defense systems. "Going forward, all U.S. forces must now assume their networks are compromised and will be degraded," said Gary Barlet, a former Air National Guard servicemember and former chief information officer at the U.S. Postal Service. "This is not just a matter of individual units being hacked but also a systemic threat to our entire defense posture."

Erich Kron, a security awareness advocate at KnowBe4, added that cyberattacks play a critical role in military actions and can be coordinated with boots-on-the-ground operations. "As we've seen in several recent conflicts, this is just another example of the trouble [the Typhoon groups] can cause and the danger they pose," he said.

Ensar Seker, CISO at threat intelligence firm SOCRadar, expressed concern about how long Salt Typhoon dwelled in the National Guard systems undetected. "The revelation that Salt Typhoon maintained access to a U.S. National Guard network for nearly a year is a serious escalation in the cyber domain," he said. "It raises questions about visibility gaps, segmentation policies and detection capabilities in hybrid federal-state defense networks."

The breach also raises concerns about local cybersecurity efforts to protect critical infrastructure. In at least one state, the local Army National Guard unit directly provides network defense services, and those services may themselves have been compromised by Salt Typhoon.

NBC News, which obtained the Department of Homeland Security memo through a Freedom of Information Act request filed by the national security transparency nonprofit Property of the People, reported that the memo warns Salt Typhoon's success in compromising states' Army National Guard networks nationwide could undermine local cybersecurity efforts to protect critical infrastructure.

The Full Extent of the Breach

According to the memo, Salt Typhoon breached major telecom carriers in a global, multi-year espionage campaign uncovered last year. The hacking unit also exfiltrated configuration files associated with other U.S. government and critical infrastructure entities, including at least two U.S. state government agencies.

The incident underscores how exposed national defense systems are to cyber threats. As the experts quoted above warn, the breach is not a localized incident but a systemic threat to the entire U.S. defense posture.

A Call to Action

Given the severity of this incident, it's essential for policymakers and cybersecurity experts to take immediate action to address the vulnerabilities in national defense systems. This includes strengthening local cybersecurity efforts, improving detection capabilities, and enhancing visibility into hybrid federal-state defense networks.

The Department of Homeland Security memo emphasizes the need for a comprehensive response to this incident. As Gary Barlet noted, "Going forward, all U.S. forces must now assume their networks are compromised and will be degraded." It's time for policymakers to take concrete steps to address this threat and protect our national defense systems.