Chinese 'Salt Typhoon' Hackers Hijacked US National Guard Network for Nearly a Year

Chinese state-sponsored hackers known as Salt Typhoon successfully infiltrated and maintained persistent access to a U.S. state’s Army National Guard network for nearly ten months, from March 2024 through December 2024, according to a Department of Homeland Security memo obtained by NBC News.

The group’s ability to maintain undetected access for extended periods—with Cisco reporting instances of up to three years in some environments—suggests deployment of advanced rootkit technologies and living-off-the-land techniques that blend malicious activities with legitimate system processes, making detection exceptionally challenging for traditional security monitoring systems.

The hackers successfully exfiltrated geographic location maps, internal network topology diagrams, and personal information of service members, creating a comprehensive intelligence profile that could facilitate future attacks against other National Guard units and state-level cybersecurity partners. The sophisticated cyberespionage campaign represents a significant escalation in Beijing’s ongoing cyber operations against American military infrastructure, potentially compromising sensitive defense information and operational security protocols.

NBC News analysts noted that the group had previously compromised at least eight major U.S. internet and phone companies, including AT&T and Verizon, using these access points to monitor communications of the Harris and Trump presidential campaigns and Senate Majority Leader Chuck Schumer’s office.

The attack vector likely exploited the dual nature of National Guard units, which operate under both federal Department of Defense authority and state governance structures.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 16 Jul 2025 20:25:16 +0000

