TZUTC: -0500   
   MSGID: 1250.consprcy@1:2320/105 2ce0e32c   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Chinese hackers were able to breach US National Guard and stay undetected for   
   months   
      
   Date:   
   Fri, 18 Jul 2025 17:09:00 +0000   
      
   Description:   
   For nine months, the group lurked, exfiltrating sensitive data and    
   potentially moving to other networks, as well.   
      
   FULL STORY   
      
   A Chinese state-sponsored threat actor known as Salt Typhoon was lurking in   
   the network of the US Army National Guard for nine months, the US Government   
   has confirmed.    
      
   TheDepartment of Homeland Security (DHS) said the attackers were present in   
   the networks between March and December 2024.    
      
   During this time, the group stole sensitive data from its victims, including   
   administrator credentials, network traffic diagrams, geographical maps, and   
   personally identifiable information (PII) of service members. Furthermore,    
   the attackers accessed data traffic between the states network and every    
   other US state, and at least four additional territories. This means that    
   they could have pivoted to other networks as well, compromising even more   
   government and military targets.   
      
   Typhoon over America    
      
   It was not discussed how the breach happened, but DHS did say the group was   
   known for exploiting existing vulnerabilities (CVEs) in Ciscos routers and   
   similar hardware.    
      
   Salt Typhoon is a known Chinese state-sponsored threat actor, part of the   
   wider typhoon organization that includes groups such as Brass Typhoon, Volt   
   Typhoon, and others.    
      
   These organizations were tasked with infiltrating different core    
   organizations within the US, such as critical infrastructure organizations,   
   communications firms, government, military, and defense organizations, and   
   similar.    
      
   The goal of the campaign was to be present inside the networks should    
   tensions between the US and China over Taiwan escalate into a full-blown war,   
   giving it the ability to disrupt networks, and steal key intelligence.    
      
   Salt Typhoon is often in the media - with recent attacks against the likes of   
   AT&T, Verizon, Lumen, Charter, Windstream, and Viasat, to name a few, often   
   abusing unpatched Cisco routers to gain access, before deploying custom   
   malware such as JumblePath and GhostSpider.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/chinese-hackers-were-able-to-breach-us-   
   national-guard-and-stay-undetected-for-months   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426