“The National Guard is aware of recent Department of Defense and Department of Homeland Security reporting regarding the People’s Republic of China-affiliated hacking group, Salt Typhoon, and their targeting of Army National Guard networks between March and December 2024,” a National Guard spokesperson said. “While we cannot provide specific details on the attack or our response to it, we can say this attack has not prevented the National Guard from accomplishing assigned state or federal missions, and that NGB continues to investigate the intrusion to determine its full scope. We are taking this matter extremely seriously. Security protocols are in place to mitigate further risk and contain any potential data compromises, and the response is ongoing. We are coordinating closely with DHS and other federal partners.”
Part of a broader campaign against critical infrastructure
The National Guard breach represents part of a much larger Salt Typhoon campaign targeting the US government and critical infrastructure entities. According to the memo, “In 2023 and 2024, Salt Typhoon also stole 1,462 network configuration files associated with approximately 70 US government and critical infrastructure entities from 12 sectors, including Energy, Communications, Transportation, and Water and Wastewater.”
These configuration files pose a significant threat because they “could enable further computer network exploitation of other networks, including data capture, administrator account manipulation, and lateral movement between networks,” the document explained.