Chinese Hackers Breach U.S. Army National Guard Network, Raise Critical Infrastructure Concerns
A new report reveals that Salt Typhoon successfully breached the network of a U.S. state’s Army National Guard unit

CYBER SYRUP

A new Department of Defense (DoD) report reveals that Chinese state-sponsored hackers, known as Salt Typhoon, successfully breached the network of a U.S. state’s Army National Guard unit. The attackers extracted sensitive configuration data and monitored communications with other military and state-level cybersecurity partners across the country.
The breach underscores the growing risk of cyber intrusions targeting military and infrastructure-related entities as part of larger geopolitical cyber campaigns.
Who Is Salt Typhoon?
Salt Typhoon is a Chinese advanced persistent threat (APT) group previously linked to high-profile breaches involving:
- U.S. telecommunications companies, including AT&T, Verizon, and Lumen Technologies
- Wiretap surveillance systems, enabling access to private communications
- Canadian telecom providers, as recently disclosed by the Canadian Centre for Cyber Security and the FBI
National Guard Breach Details
According to the DoD’s June 2025 report, Salt Typhoon had access to the compromised National Guard network from March to December 2024, during which they:
- Exfiltrated network configuration data
- Monitored communications exchanged with counterparts in all 50 U.S. states and at least four U.S. territories
- Stole administrator credentials and network diagrams, which could be used in follow-on attacks
The breach could potentially compromise the cyber defense capabilities of National Guard units that collaborate with state governments to protect critical infrastructure.
“If PRC-associated cyber actors succeeded in exploiting this information, it could severely hinder state-level partners’ ability to defend U.S. infrastructure during crises,” the report warns.
Broader Attack Campaign
Between January and March 2024, Salt Typhoon also:
- Targeted at least two state government agencies
- Stole 1,462 configuration files affecting about 70 government and critical infrastructure organizations
- Focused on 12 critical sectors, including energy, water, transportation, and communications
Exploitation Method
For initial access, the group leveraged known vulnerabilities in edge network devices, including:
- CVE-2018-0171 (Cisco)
- CVE-2023-20198, CVE-2023-20273 (Cisco)
- CVE-2024-3400 (Palo Alto Networks)
These exploits enabled lateral movement and data exfiltration across interconnected networks.
Why It Matters
The National Guard plays a key role in cybersecurity readiness, especially at the state level. In 14 U.S. states, National Guard units are embedded within cyber fusion centers responsible for monitoring, incident response, and intelligence sharing. Breaches of these networks may expose:
- The cyber defense posture of affected states
- Personally identifiable information (PII) of cybersecurity personnel
- Operational details of inter-agency coordination
This incident highlights the critical need for hardened infrastructure and collaborative cyber defense across federal and state systems in the face of ongoing nation-state threats.