
For roughly nine months, a U.S. state's National Guard network was infiltrated by the Chinese cyberespionage group Salt Typhoon, raising questions about the security of the nation's defense networks.
At a Glance
- Salt Typhoon, a Chinese state-sponsored espionage group (it is not APT41, with which it is sometimes conflated), compromised a U.S. state's National Guard network from March to December 2024.
- The intrusion went undetected for about nine months, exposing significant gaps in monitoring of U.S. defense networks.
- The group has a history of targeting critical infrastructure worldwide, including major U.S. telecommunications companies.
- Investigations are still assessing the scope of data accessed, with potential long-term implications for national security.
Cybersecurity Breach on U.S. Soil
The audacity of Salt Typhoon's attack on a U.S. National Guard network is not just a breach of security; it is an assault on national sovereignty. The Chinese state-sponsored hacking group infiltrated the network from March to December 2024. For roughly nine months, a defense network was compromised without detection, raising serious questions about the robustness of its monitoring and cybersecurity protocols.
The Department of Homeland Security (DHS) described the breach in a memo dated June 2025 that became public the following month. According to the memo, the group remained undetected for the duration of the intrusion and collected the Guard's network configuration data and records of its traffic with counterparts in other states, material that could be reused to break into those partner networks. The National Guard Bureau, responsible for investigating the breach, has stated that mission readiness remains intact, but the integrity of sensitive data is still under scrutiny.
The Notorious Salt Typhoon
Salt Typhoon is tracked by other vendors under names such as GhostEmperor, FamousSparrow and Earth Estries. It should not be confused with APT41 (also called Wicked Panda or BARIUM), a separate Chinese group that mixes espionage with financially motivated operations; Salt Typhoon is an espionage-focused operation, active since at least 2019, whose best-known campaign is the compromise of U.S. telecommunications giants including AT&T and Verizon.
The group's modus operandi centers on compromising network infrastructure, especially edge devices such as routers, where it harvests device configurations and credentials and persists with a light malware footprint that is hard to spot from the endpoint. Its ability to exploit trusted connections between organizations, using what it learns from one network to reach the next, poses a significant threat to both public and private sectors. A practical consequence for defenders is that any credential, key or community string present in an exported device configuration must be treated as compromised once that configuration is known to have been taken.
Implications for National Security
The breach of a National Guard network is a stark reminder of the vulnerabilities within national defense systems. Because the National Guard operates under both federal and state authority, its units share networks and data with state government partners; configuration and traffic data taken from one unit could facilitate follow-on intrusions into other states' Guard units and their state-level cybersecurity partners. The breach underscores the need for enhanced cybersecurity measures and coordination across all levels of government.
In response, the U.S. Treasury Department sanctioned a Sichuan-based company in January 2025 for its direct involvement in Salt Typhoon's operations on behalf of China's Ministry of State Security. While the Chinese government denies involvement, Western intelligence agencies remain confident in attributing the activity to state-sponsored actors.
Continued Vigilance Required
The full extent of the breach is still under investigation, with authorities working to determine what sensitive military or law enforcement information might have been accessed. The National Guard continues to operate normally, but security reviews and remediation efforts, including rotation of credentials that may have been exposed, are ongoing to prevent further intrusions.
This incident serves as a wake-up call for the U.S. military and intelligence community. The potential exposure of sensitive data could have far-reaching consequences for national security, and a nine-month undetected presence argues for a comprehensive overhaul of cybersecurity protocols and a renewed emphasis on resilience and coordination.