A Chinese government-linked hacking group known as Salt Typhoon infiltrated the Army National Guard network of an unnamed U.S. state and accessed sensitive data tied to networks in all other states and at least four U.S. territories, according to a confidential Department of Homeland Security (DHS) memo.
The breach, which occurred between March and December 2024, was described as an “extensive compromise” in a memo obtained by Property of the People, a nonprofit focused on national security transparency. The memo indicates that attackers exfiltrated operational maps and internal data traffic, exposing sensitive communications between interconnected state-level defense systems.
Intelligence-Gathering or Strategic Positioning?
U.S. cybersecurity officials are growing increasingly alarmed over Salt Typhoon, with mounting concerns that its activities extend beyond standard espionage. The DHS memo, citing Pentagon sources, suggests the group may be “prepositioning itself to paralyze U.S. critical infrastructure in the event of a conflict with China.”
While Beijing has repeatedly denied responsibility, U.S. authorities maintain that Salt Typhoon is a coordinated, state-backed threat actor that poses a risk not only to federal assets but to regional systems as well.
National Guard Integration Raises Broader Security Risks
The breach is particularly significant because state Army National Guard units are frequently integrated into state-level fusion centers. These centers are tasked with sharing threat intelligence, including cyber threat data, across local, state, and federal agencies.
According to the DHS memo, the breach “could undermine local cybersecurity efforts to protect critical infrastructure” given the National Guard’s critical role in information sharing and emergency response coordination. The attackers’ ability to exfiltrate communications tied to “every other U.S. state” underscores how deeply embedded they were across the national defense landscape.
Agencies Silent So Far
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the National Guard have not commented on the breach. The story was first reported by NBC News following the release of the memo.