In a revealing case of nation-state cyber espionage, a Chinese government-backed hacking group known as “Salt Typhoon” successfully infiltrated the network of a U.S. state’s Army National Guard, maintaining unauthorized access for several months in 2024.
Salt Typhoon is linked to China’s Ministry of State Security (MSS) and has been identified in several high-impact cyber intrusions aimed at government institutions and key industries. This particular operation against the National Guard allowed the attackers to monitor internal communications, extract detailed mapping data, and gain visibility into the Guard’s connections with its counterparts across the United States and in at least four U.S. territories.
According to a Homeland Security memo obtained by a transparency group, the attackers appeared to be conducting deep reconnaissance. U.S. officials believe the effort was aimed not just at gathering intelligence, but potentially at laying the groundwork for more disruptive operations. Authorities suggest the goal may have been to enable the Chinese government to disable or manipulate critical infrastructure in the event of heightened geopolitical tensions or open conflict.
The breach is especially concerning due to the National Guard’s integration with state-level fusion centers — hubs that coordinate threat information sharing between the federal government and local agencies. These connections are essential for a timely response to emergencies, cyber crises, and national security threats. Compromising even one of these nodes could have downstream effects on national resilience and inter-agency coordination.
Although the Department of Defense and the National Guard Bureau have confirmed the intrusion, they have declined to identify the specific state affected or elaborate on the full scope of the attack. Sources indicate that while no mission-critical operations were compromised, sensitive military and law enforcement data were likely exposed.
Cybersecurity officials in Washington have placed Salt Typhoon among their top national security concerns. They point to a broader pattern in which state-sponsored groups, including those from China, Russia, Iran, and North Korea, are refining their tactics and frequently blending with criminal networks to obscure attribution. These operations are characterized by their persistence and stealth, often employing custom spyware, zero-day vulnerabilities, and long-term access strategies.
In response to mounting threats, federal agencies are urging stronger cybersecurity measures at both state and national levels. Enhanced detection capabilities, better information sharing, and increased investment in cyber defense resources have become key priorities. With adversaries now capable of silently preparing for future conflict through cyber means, the U.S. is shifting its focus from purely reactive strategies to proactive defense and resilience.