DHS Reports China’s ‘Salt Typhoon’ Group Hacked the National Guard

A Chinese cyber-espionage group, known as Salt Typhoon, has successfully infiltrated the National Guard network of at least one U.S. state for nearly a year, according to findings from the Department of Defense. This group is already notorious for one of the most extensive cyber-espionage initiatives targeting the U.S., and authorities suspect they may have accessed sensitive military and law enforcement information. Investigations are ongoing to determine the full extent of the breach. A June memo from the Department of Homeland Security detailed that Salt Typhoon compromised a state’s Army National Guard network between March and December 2024.

However, the specific state affected has not been disclosed. The information about the breach was shared with NBC News by the nonprofit organization Property of the People, which accessed it through a freedom of information request. The Department of Defense did not provide any comments regarding the breach, although a spokesperson from the National Guard Bureau confirmed the incident without disclosing further details. While the group’s activities were not denied by a spokesperson at the Chinese embassy in Washington, they claimed that the U.S. has failed to provide conclusive evidence linking Salt Typhoon to the Chinese government.

They emphasized that cyberattacks are a global concern, affecting all nations, including China. Salt Typhoon is particularly infamous for its capability to move from one organization to another. In the past year, the group has hacked several major U.S. internet and phone companies, enabling them to spy on sensitive communications, including those from both the Harris and Trump presidential campaigns, as well as from former Senate Majority Leader Chuck Schumer’s office. The implications of the breach may be severe; it could allow Beijing to gather information that facilitates further hacking into other state Army National Guard units, as well as their local cybersecurity partners.

Access to structural diagrams, location maps, and personal information of service members has also been reportedly secured by the hackers. In light of recent cybersecurity threats, the U.S. Treasury Department imposed sanctions on a Sichuan company for allegedly assisting China’s Ministry of State Security in the execution of Salt Typhoon operations. Once embedded, Salt Typhoon can prove to be challenging to eliminate; it has been reported that hackers could linger in an affected environment for extended periods, highlighting the ongoing threat posed by this group.