The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to compromise other government networks.

"Between March and December 2024, Salt Typhoon extensively compromised a US state's Army National Guard's network and, among other things, collected its network configuration and its data traffic with its counterparts' networks in every other US state and at least four US territories, according to a DOD report," reads the memo.

"Between January and March 2024, Salt Typhoon exfiltrated configuration files associated with other U.S. government and critical infrastructure entities, including at least two U.S. state government agencies." During this time, the hackers stole network diagrams, configuration files, administrator credentials, and personal information of service members that could be used to breach National Guard and government networks in other states.

A June 11 Department of Homeland Security memo, first reported by NBC, says that Salt Typhoon breached a U.S. state's Army National Guard network for nine months between March and December 2024. The memo further states that Salt Typhoon has previously utilized stolen network topologies and configuration files to compromise critical infrastructure and U.S. government agencies. The DHS warns that between 2023 and 2024, Salt Typhoon stole 1,462 network configuration files associated with approximately 70 U.S. government and critical infrastructure entities from 12 sectors.

While it was not disclosed how Salt Typhoon breached the National Guard network, Salt Typhoon is known for targeting old vulnerabilities in networking devices, such as Cisco routers.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 17 Jul 2025 16:05:16 +0000