Has China Stolen Another U.S. Military Secret After F-35? ‘Salt Typhoon’ Hack Raises Alarms

China 'Salt Typhoon' Accused of Hacking US National Guard Network: National Security at Risk

China is once again under global scrutiny for cyber espionage after a bombshell Department of Homeland Security (DHS) memo revealed that a powerful cyber-espionage group, dubbed Salt Typhoon, successfully infiltrated a U.S. Army National Guard network, exfiltrating sensitive military data that may compromise national security.

The confidential document, obtained through a Freedom of Information Act (FOIA) request by national security nonprofit Property of the People, confirms that between March and December 2024, a U.S. state’s Army National Guard network was “extensively compromised.” Worse still, the breach extended to all other U.S. states and at least four U.S. territories, exposing inter-network traffic, administrator credentials, and detailed network diagrams.

Not Just Espionage—A Preemptive Strike?

U.S. officials say the scope of the attack by Salt Typhoon—an Advanced Persistent Threat (APT) allegedly backed by Beijing—goes beyond passive surveillance. The group’s objective appears to be setting up infrastructure-level access that could be exploited during a potential future conflict between the U.S. and China.

According to the memo, Salt Typhoon’s long-term access to National Guard systems “could hamstring” state-level cybersecurity teams, especially those involved in protecting critical infrastructure, such as power grids, water systems, and emergency response networks.

In 14 states, Army National Guard units are directly integrated with state fusion centers that share threat intelligence—including cyber threats—across agencies.

“If these PRC-linked cyber actors succeeded in pivoting into state-level cybersecurity networks, it could cripple America’s cyber defenses in the early hours of a confrontation,” the DHS document warned.

Sensitive Data Now in Chinese Hands

The yearlong breach reportedly provided Chinese operatives with:

Administrator login credentials

Detailed network diagrams

Statewide geographic maps

Configuration data and network traffic logs

Personally Identifiable Information (PII) of National Guard service members

This sensitive information, now believed to be in the hands of Chinese intelligence, could allow adversaries to simulate or disrupt U.S. response plans and critical systems in a national emergency.

F-35 Espionage Echoes: Did China Use Stolen Tech for the J-20?

This latest revelation comes barely a year after similar accusations were leveled against China for allegedly stealing F-35 stealth fighter technology during cyberattacks on defense contractors such as Lockheed Martin and an Australian firm.

China’s Chengdu J-20—its answer to the American F-35—is suspected of incorporating stolen tech, particularly its Electro-Optical Targeting System, which strongly resembles the F-35’s. Experts say China’s J-20 now features advanced radar systems, stealth design, and supersonic capability, thanks in part to its domestic WS-15 engine, possibly giving it parity with Western jets.

Telecoms Also Targeted

Salt Typhoon has also breached telecommunications giants like Verizon, T-Mobile, and AT&T, often exploiting known Cisco vulnerabilities to infiltrate systems. These intrusions raise alarms about the resilience of American cyber-infrastructure, from military to civilian systems.

Beijing Denies Involvement

As with previous cyber intrusion accusations, the Chinese government has denied all involvement, dismissing the claims as “groundless” and politically motivated. But for U.S. cyber defenders, the damage may already be done.

What’s Next?

The DHS and the Department of Defense (DoD) have yet to comment publicly, but officials stress that Salt Typhoon is among the top five threats to U.S. cybersecurity. As geopolitical tensions with China rise over Taiwan, the South China Sea, and trade, the U.S. is now racing to harden cyber defenses before the next digital strike.
