Chinese spy infiltration revealed

Cybersecurity experts have long warned about persistent threats from state-sponsored hacking groups. The Chinese cyber espionage unit known as “Salt Typhoon” demonstrated the severity of these warnings by infiltrating a U.S. state’s Army National Guard network for nearly nine months without detection.

The breach, which lasted from March to December 2024, compromised critical military infrastructure and exposed weaknesses in America’s state-level defense systems. The Department of Defense and Department of Homeland Security confirmed the intrusion but declined to identify which state National Guard was affected.

During the prolonged infiltration, Salt Typhoon employed advanced persistent threat tactics, exploiting old Cisco vulnerabilities to maintain stealthy access as it harvested administrator credentials and sensitive network configurations. The attackers specifically targeted Cisco and Palo Alto edge devices, taking advantage of security flaws dating back to 2018. The scope of compromised data proved vast and strategically valuable.

Hackers collected data traffic exchanged with units across all U.S. states and at least four territories, obtaining network diagrams and configuration files that could facilitate future penetration attempts. The stolen information included sensitive military and law enforcement data, providing attackers with detailed intelligence about America’s National Guard operations and cybersecurity infrastructure. Attackers also gained access to geographic location maps that could reveal strategic positioning of military assets.

This breach represents part of Salt Typhoon’s broader campaign against American infrastructure. The group previously targeted major telecommunications companies including AT&T and Verizon, compromising wiretap systems and communication networks. Similar operations extended to Canadian telecom providers, where hackers extracted sensitive call data through sustained infiltration campaigns.

The attack’s implications extend beyond immediate data theft. Security experts warn that exfiltrated network diagrams and configuration files could empower Salt Typhoon to target other state National Guard units and their cybersecurity partners more effectively.

This intelligence could potentially hamper coordinated emergency responses during future attacks on critical infrastructure, undermining state-level defenses precisely when they might be most needed. Federal authorities have launched extensive investigations to determine the full extent of compromised information while providing guidance to National Guard units nationwide.

Despite officials confirming that National Guard missions remained operational throughout the breach, the incident highlights persistent vulnerabilities in state-level cybersecurity defenses and demonstrates China’s continuing commitment to infiltrating American military networks through patient, methodical cyber operations.
