- The Department of Homeland Security says that Salt Typhoon accessed National Guard systems
- The hackers were present between March and December 2024
- The group stole vital intelligence and personally identifiable information
A Chinese state-sponsored threat actor known as Salt Typhoon was lurking in the networks of the US Army National Guard for nine months, the United States government has confirmed.
The Department of Homeland Security (DHS) said the attackers were present in the networks between March and December 2024.
During this time, the group stole confidential data from its victims, including administrator credentials, network traffic diagrams, geographical maps and personally identifiable information (PII) of service members. In addition, the attackers accessed data traffic between the state's network and every other US state, and at least four additional territories. This means that they could also have pivoted to other networks, compromising even more government and military targets.
Typhoon Over America
How the breach happened was not discussed, but DHS said that the group was known for exploiting existing vulnerabilities (CVEs) in Cisco routers and similar hardware.
Salt Typhoon is a well-known state-sponsored threat actor, part of the wider “Typhoon” organization that includes groups such as Brass Typhoon, Volt Typhoon and others.
These groups were tasked with infiltrating different key organizations within the US, such as critical infrastructure organizations, communications companies, government, military and defense organizations, and the like.
The objective of the campaign was to be present within the networks should tensions between the United States and China over Taiwan escalate into full-scale war, giving it the ability to disrupt the networks and steal key intelligence.
Salt Typhoon is often in the news, with recent attacks against the likes of AT&T, Verizon, Lumen, Charter, Windstream and Viasat, to name a few, often abusing unpatched Cisco routers to gain access before deploying custom malware such as JumbledPath and GhostSpider.
Via BleepingComputer