‘Salt Typhoon’ hackers infiltrated National Guard, had 9 months of access: Memo
Chinese hackers infiltrated the network of at least one state’s National Guard and remained in its systems for over nine months, a Department of Homeland Security memo says. The findings, as first reported by NBC News, shed new light on the extent of the hacking campaign against the United States by China’s “Salt Typhoon.”
The June memo, based on an investigation by the Department of Defense, says the Chinese hackers “extensively compromised” an unnamed state’s National Guard network from March to December 2024. The memo was provided to NBC News by the national security transparency nonprofit Property of the People, which obtained it through a Freedom of Information Act request.
Sensitive access
“A recent compromise of a US state’s Army National Guard network by People’s Republic of China (PRC)-associated cyber actors—publicly tracked as Salt Typhoon—likely provided Beijing with data that could facilitate the hacking of other states’ Army National Guard units, and possibly many of their state-level cybersecurity partners,” the memo reads.
The hackers were able to access, among other things, “a map of geographic locations in the targeted state, diagrams of how internal networks are set up, and personal information of service members,” according to NBC News.
Chinese-government links
Salt Typhoon is the nickname provided by cybersecurity companies to an elite group of Chinese hackers believed to be associated with the country’s Ministry of State Security.
A National Guard Bureau spokesperson confirmed the compromise to NBC News, but could not “provide specific details on the attack” or its response to it.
“We can say this attack has not prevented the National Guard from accomplishing assigned state or federal missions, and that NGB continues to investigate the intrusion to determine its full scope,” the spokesperson said.
The Chinese government has repeatedly denied any connection to Salt Typhoon.
The hacking group, described as “the most active and persistent cyber threat” to U.S. institutions by the U.S. intelligence community, was accused of infiltrating nine U.S. telecommunications companies in late 2024, including AT&T, T-Mobile and Verizon. Salt Typhoon is said to have used that access to obtain the metadata of calls and text messages from both former Vice President Kamala Harris and President Donald Trump’s presidential campaigns.
Ella Rae Greene, Editor In Chief
