

Ethical Hacking News

Chinese Hackers Breach U.S. National Guard Network for Nine Months


Chinese hackers have breached a U.S. Army National Guard network for nine months, stealing sensitive network configuration files and administrator credentials that could be used to compromise other government networks. The breach highlights the ongoing threat posed by state-sponsored hacking entities like Salt Typhoon, which has a history of targeting telecommunications providers and governments worldwide.

  • The Chinese hackers, affiliated with the Ministry of State Security (MSS), breached a U.S. Army National Guard network for nine months.
  • The Salt Typhoon group, a state-sponsored hacking entity, targeted the National Guard network through old vulnerabilities in Cisco routers and other critical flaws.
  • The breach allowed the hackers to collect sensitive data, including network diagrams, administrator credentials, and data traffic with counterparts' networks in every U.S. state and territory.
  • The DHS memo urges organizations to patch vulnerabilities, implement additional security measures, and prioritize cybersecurity postures.
  • The attack is seen as a clear indication of China's ongoing efforts to expand its cyber espionage capabilities.



    Chinese hackers affiliated with the Ministry of State Security (MSS) intelligence agency breached a U.S. Army National Guard network and remained undetected for nine months. During the intrusion, which took place between March and December 2024, the hackers stole sensitive network configuration files, administrator credentials, and personal information of service members that could be used to compromise other government networks.

    The Salt Typhoon group, a state-sponsored hacking entity, is believed to have targeted the National Guard network through old vulnerabilities in Cisco routers. According to a Department of Homeland Security (DHS) memo, first reported by NBC, the hackers exploited critical flaws in Cisco IOS and IOS XE Smart Install, as well as zero-day vulnerabilities in Cisco IOS XE web UI, to gain unauthorized access to the network. Additionally, Salt Typhoon utilized command injection vulnerabilities in Palo Alto Networks' PAN-OS GlobalProtect to execute malicious commands on devices.

    The attack was particularly insidious, as it allowed the hackers to collect network diagrams, configuration files, and data traffic with counterparts' networks in every other U.S. state and at least four U.S. territories. Furthermore, the stolen data included administrator credentials and network diagrams that could be used to facilitate follow-on Salt Typhoon hacks of these units.

    The DHS memo highlights the severity of this breach, warning National Guard and government cybersecurity teams to ensure the patching of these vulnerabilities and the implementation of additional security measures, such as segmenting SMB traffic, implementing SMB signing, and enforcing access controls. The agency also urges organizations to turn off unnecessary services and implement zero-trust approaches to software security.
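    The advice to turn off unnecessary services can be checked against saved device configurations for the two Cisco services named above, Smart Install and the web UI. The Python script below is an added example, not code from the DHS memo or the original article; it assumes saved IOS/IOS XE running-config text, and the sample configurations and the function name audit_config are constructed for illustration.

```python
# Constructed sample running-config excerpts (not taken from any real device).
SAMPLE_EXPOSED = """\
hostname edge-sw-01
ip http server
ip http secure-server
!
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
"""

SAMPLE_HARDENED = """\
hostname edge-sw-02
no vstack
no ip http server
no ip http secure-server
"""


def audit_config(text):
    """Return a list of findings for one saved IOS/IOS XE running-config."""
    # Exact-match on whole lines so 'no ip http server' never matches 'ip http server'.
    lines = {ln.strip().lower() for ln in text.splitlines()}
    findings = []

    # Smart Install is disabled with 'no vstack'. Its absence is only a lead:
    # platforms without Smart Install never show the line, so confirm on the device.
    if "no vstack" not in lines:
        findings.append(
            "smart-install: 'no vstack' absent, confirm with 'show vstack config'"
        )

    # The web UI is served by the HTTP and HTTPS servers.
    for cmd in ("ip http server", "ip http secure-server"):
        if cmd in lines:
            findings.append(f"web-ui: '{cmd}' is enabled")

    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_config(cfg) or "no findings")
```

    A finding means the service should be reviewed and disabled if it is not needed; an empty result does not replace patching the device.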

    It is worth noting that Salt Typhoon has a history of targeting telecommunications and broadband providers worldwide, including major companies like AT&T, Verizon, Lumen, Charter, Windstream, and Viasat. In previous attacks, the hackers have exploited these vulnerabilities to gain access to infrastructure and spy on communications of U.S. political campaigns and lawmakers.

    The breach has sparked significant concern, with China's embassy in Washington stating that the U.S. had not provided "conclusive and reliable evidence" linking Salt Typhoon to the Chinese government. However, experts warn that this attack is a clear indication of China's ongoing efforts to expand its cyber espionage capabilities.

    In light of this latest development, it has become increasingly essential for organizations to prioritize their cybersecurity postures and implement robust security measures to prevent similar breaches in the future. As the threat landscape continues to evolve, it is crucial for individuals and entities to remain vigilant and proactive in protecting themselves against these types of sophisticated attacks.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Chinese-Hackers-Breach-US-National-Guard-Network-for-Nine-Months-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-national-guard-to-steal-network-configurations/


  • Published: Thu Jul 17 12:18:46 2025 by llama3.2 3B Q4_K_M












