Chinese Hackers Breach US Army National Guard Network: Nine-Month Infiltration Exposed by DHS


Chinese Hackers Infiltrated US Army National Guard Network for Nine Months, DHS Reveals

A classified Department of Homeland Security (DHS) memo has exposed a major security breach in which Chinese state-sponsored hackers maintained unauthorized access to a U.S. Army National Guard network for nine months during 2024, compromising sensitive military and civilian infrastructure data. The incident is one of the most significant advanced persistent threat (APT) intrusions into military networks in recent years.

The Chinese hacking group, known as Salt Typhoon, successfully penetrated an unnamed state's Army National Guard network from March through December 2024, accessing administrative credentials, network configurations, and personal information of service members. The breach's impact extended beyond the compromised state, affecting communications with all 50 states and four U.S. territories.

Military and Civilian Impact

The infiltration represents more than just a military security breach. National Guard units regularly assist with civilian infrastructure cyber defense, making them valuable targets for intelligence gathering. According to Bugcrowd founder Casey Ellis, "An intrusion on a National Guard isn't a 'military only' operation. States regularly engage their National Guard to assist with cyber defense of civilian infrastructure."

The stolen administrative credentials and network configurations could enable follow-on intrusions into connected networks and inform future attacks, which is why the breach is a direct argument for basic controls such as credential rotation and configuration hygiene. It has prompted a coordinated response involving the Pentagon, DHS, CISA, and the National Guard Bureau.

Strategic Implications

Bryan Cunningham, President at Liberty Defense and former White House lawyer, views this breach as part of a larger pattern. "The U.S. and our democratic allies are already in at least a 'cold' third global conflict," he stated. Salt Typhoon, along with another Chinese group called Volt Typhoon, represents an ongoing threat to Western infrastructure.

Unlike Volt Typhoon's stealthy approach, which focuses on pre-positioning for long-term disruption, Salt Typhoon appears more aggressive in its intelligence-gathering operations. The breach illustrates China's dual strategy of collecting intelligence while positioning for potential future disruption of critical infrastructure.

Enhanced Security Measures

In response to this breach, cybersecurity experts recommend implementing:

  • Continuous Network Monitoring: Deploy threat detection that can surface long-lived, low-noise access; this intrusion went unnoticed for nine months
  • Access Control Reviews: Regular audit of user permissions and credentials, and rotation of any administrative credentials that existed during the intrusion window once the intruder has been evicted
  • Encryption in Transit and at Rest: Protect network traffic and stored configuration files so that captured copies do not yield usable credentials
  • Security Training: Comprehensive cybersecurity awareness programs
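The access-control review above is easy to describe and easy to skip. The following is an added example, not code from the article or from any agency it names, showing what such a review looks like in practice: it audits a constructed account inventory (the usernames, roles and dates are made up for illustration) and flags administrators outside an assumed approved roster, administrative credentials not rotated since the reported March to December 2024 intrusion window, and enabled accounts that have gone dormant under an assumed 90-day policy.

```python
"""Post-incident credential and permission review (added example).

The account records, approved-admin roster and dormancy threshold below are
assumptions for illustration; the intrusion window comes from the article.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Intrusion window reported by the article (March through December 2024).
INTRUSION_START = date(2024, 3, 1)
INTRUSION_END = date(2024, 12, 31)

# Accounts approved to hold administrative privilege (assumed roster).
APPROVED_ADMINS = {"net-admin-01", "net-admin-02"}

# Enabled accounts with no login for this long are treated as dormant (assumed policy).
DORMANT_AFTER = timedelta(days=90)


@dataclass(frozen=True)
class Account:
    username: str
    is_admin: bool
    password_last_set: date
    last_login: date
    enabled: bool


def audit(accounts, today):
    """Return (username, finding) tuples for every account that fails a check.

    UNAPPROVED_ADMIN  holds admin privilege but is not on the approved roster
    STALE_ADMIN_CRED  admin credential was set on or before the end of the
                      intrusion window, so the intruder may hold it
    DORMANT_ENABLED   enabled account with no login for DORMANT_AFTER
    """
    findings = []
    for a in accounts:
        if a.is_admin and a.username not in APPROVED_ADMINS:
            findings.append((a.username, "UNAPPROVED_ADMIN"))
        # Rotation must postdate the window; a password set during the
        # intrusion is still exposed, so the comparison is against the end.
        if a.is_admin and a.password_last_set <= INTRUSION_END:
            findings.append((a.username, "STALE_ADMIN_CRED"))
        if a.enabled and today - a.last_login > DORMANT_AFTER:
            findings.append((a.username, "DORMANT_ENABLED"))
    return findings


def summarize(findings):
    """Count findings by type, e.g. {'STALE_ADMIN_CRED': 2, ...}."""
    counts = {}
    for _, kind in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


# Constructed sample inventory; every record is hypothetical.
SAMPLE_ACCOUNTS = [
    Account("net-admin-01", True, date(2025, 1, 15), date(2025, 7, 10), True),
    Account("net-admin-02", True, date(2024, 6, 1), date(2025, 7, 9), True),
    Account("svc-backup", True, date(2023, 11, 20), date(2025, 2, 1), True),
    Account("jdoe", False, date(2024, 9, 1), date(2025, 7, 11), True),
    Account("former-contractor", False, date(2024, 1, 5), date(2024, 8, 30), True),
]
TODAY = date(2025, 7, 15)


def review_sample():
    """Run the audit over the constructed inventory."""
    return audit(SAMPLE_ACCOUNTS, TODAY)


if __name__ == "__main__":
    for username, finding in review_sample():
        print(f"{finding:17} {username}")
    print(summarize(review_sample()))
```

The ordering of the checks matters less than the ordering of the response: rotating credentials while the intruder still has access simply hands them the new ones, so the stale-credential findings are only useful after eviction is confirmed.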

For more detailed information about the ongoing investigation, visit the CISA Advisory on Chinese State-Sponsored Cyber Operations.

The incident is a stark reminder that cyber threats continue to evolve and that both public and private sector organizations need constant vigilance and adaptation. As geopolitical tensions rise, similar infiltrations are expected to become more sophisticated and harder to detect.
