Subj : Chinese hackers were able
To   : All
From : Mike Powell
Date : Sat Jul 19 2025 09:14 am

Chinese hackers were able to breach US National Guard and stay undetected for
months

Date:
Fri, 18 Jul 2025 17:09:00 +0000

Description:
For nine months, the group lurked, exfiltrating sensitive data and
potentially moving to other networks, as well.

FULL STORY

A Chinese state-sponsored threat actor known as Salt Typhoon was lurking in
the network of the US Army National Guard for nine months, the US Government
has confirmed.

The Department of Homeland Security (DHS) said the attackers were present in
the networks between March and December 2024.

During this time, the group stole sensitive data from its victims, including
administrator credentials, network traffic diagrams, geographical maps, and
personally identifiable information (PII) of service members. Furthermore,
the attackers accessed data traffic between the state's network and every
other US state, and at least four additional territories. This means that
they could have pivoted to other networks as well, compromising even more
government and military targets.

Typhoon over America

It was not discussed how the breach happened, but DHS did say the group was
known for exploiting existing vulnerabilities (CVEs) in Cisco's routers and
similar hardware.

Salt Typhoon is a known Chinese state-sponsored threat actor, part of the
wider typhoon organization that includes groups such as Brass Typhoon, Volt
Typhoon, and others.

These organizations were tasked with infiltrating different core
organizations within the US, such as critical infrastructure organizations,
communications firms, government, military, and defense organizations, and
similar.

The goal of the campaign was to be present inside the networks should
tensions between the US and China over Taiwan escalate into a full-blown war,
giving it the ability to disrupt networks, and steal key intelligence.

Salt Typhoon is often in the media - with recent attacks against the likes of
AT&T, Verizon, Lumen, Charter, Windstream, and Viasat, to name a few, often
abusing unpatched Cisco routers to gain access, before deploying custom
malware such as JumblePath and GhostSpider.

Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinese-hackers-were-able-to-breach-us-national-guard-and-stay-undetected-for-months

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)