A significant cybersecurity alert has been issued following a sophisticated breach of a US state’s National Guard network by the Chinese-linked cyber espionage collective, Salt Typhoon. This incident underscores a profound vulnerability in critical defense infrastructure.
Salt Typhoon’s Covert Infiltration and Data Exfiltration
The US Department of Defense (DoD) revealed that Salt Typhoon maintained a covert presence within the compromised network for nearly a year, from March 2024 to December 2024. This prolonged infiltration potentially exposed highly sensitive military and law enforcement data, as detailed in a DoD report obtained via a Freedom of Information (FOI) request by the nonprofit Property of the People. The report describes an “extensive compromise” of the National Guard’s digital defenses.
During their tenure within the network, Salt Typhoon is suspected of exfiltrating critical data. This includes vital configuration files belonging to various critical national infrastructure (CNI) organizations and state government agencies. Alarmingly, the stolen data also reportedly contained administrator credentials and comprehensive network diagrams, which the DoD warns could be leveraged for future, targeted attacks against these units. Specific details regarding the affected National Guard unit remain undisclosed for security reasons.
A Pattern of High-Stakes Cyber Espionage
This latest incident is consistent with Salt Typhoon’s established pattern of exploiting stolen network configurations for broader cyber intrusions. Between January 2023 and March 2024 alone, the group pilfered 1,462 configuration files from 70 US government and CNI entities across 12 crucial sectors, including energy, communication, transportation, and wastewater. The DoD’s assessment concludes that such successful infiltrations by Salt Typhoon could severely “undermine local cybersecurity efforts” designed to safeguard vital infrastructure.
This marks the second significant Salt Typhoon incident within two years, following earlier high-profile attacks on major US telecoms like AT&T and Verizon. Notably, in December, White House officials confirmed that a previous campaign by the group involved accessing and recording private conversations of “very senior” US political figures.
Expert Warns: “Assume Networks are Compromised”
Gary Barlet, Public Sector CTO at Illumio and former Chief of Ground Networks for the Air Force CIO, emphasized the sophisticated capabilities of Salt Typhoon in penetrating US government networks. Barlet issued a grave warning: “All US forces must now assume their networks are compromised.”
He stressed the severity of the National Guard incident, stating it “potentially poses a serious threat to many Department of Defense systems.” Barlet advocated strongly for aggressive adoption of Zero Trust architecture and robust breach containment strategies, citing Salt Typhoon’s proven ability for lateral movement across diverse units and systems. He also pointed out that this is not an isolated incident for the DoD, with numerous public and private sector breaches involving lateral movement of threats. Referencing the Ponemon Institute, Barlet noted that “55% of organizations admitted a compromised device had infected other devices on the network,” underscoring the pervasive nature of this vulnerability.
The Salt Typhoon breach serves as a critical reminder of the evolving and persistent threats facing national security. It reinforces the urgent need for enhanced cybersecurity measures and a proactive approach to defense in the digital realm.