According to a Department of Homeland Security memorandum, the National Guard was recently hacked by a group of hackers in China known publicly as "Salt Typhoon." The hack appears to be a sort of reconnaissance to prepare for future network compromises.
Between March and December 2024, "Salt Typhoon extensively compromised a US state’s Army National Guard’s network and, among other things, collected its network configuration and its data traffic with its counterparts’ networks in every other US state and at least four US territories," a DHS memo reads.
The United States government has stated that Salt Typhoon is a part of the Chinese government, conducting state-sponsored cyber espionage, a claim that the Chinese government has described as "unreliable." In 2024, the U.S. government determined that Salt Typhoon had hacked eight American internet and phone companies, gaining access to private phone calls and text messages.
The recent hack on the National Guard exfiltrated configuration files and administrative credentials of their computer networks, which could enable other cyber intrusions not just on the National Guard but also on associated governmental agencies and critical infrastructure.
In a statement to NBC News, the National Guard confirmed that the cyberattack occurred but declined to provide additional details.