- The Department of Homeland Security says that Salt Typhoon accessed National Guard systems
- The hackers were present between March and December 2024
- The group stole vital intelligence and personally identifiable information
A Chinese state-sponsored threat actor known as Salt Typhoon lurked in the network of a US Army National Guard for nine months, the United States government has confirmed.
The Department of Homeland Security (DHS) said that the attackers were present in the networks between March and December 2024.
During that time, the group stole sensitive data from its victims, including administrator credentials, network traffic diagrams, geographic maps and personally identifiable information (PII) of service members. In addition, the attackers accessed data traffic between the state's network and every other US state, and at least four additional territories. This means that they could also have pivoted into other networks, compromising even more government and military targets.
Typhoon over America
How the breach occurred was not disclosed, but DHS said that the group is known to exploit existing vulnerabilities (CVEs) in Cisco routers and similar equipment.
Salt Typhoon is a known Chinese state-sponsored threat actor that is part of the broader "Typhoon" organization, which includes groups such as Brass Typhoon, Volt Typhoon and others.
These organizations have been responsible for infiltrating various key organizations in the United States, such as critical infrastructure operators, communications companies, government, military and defense organizations, and similar.
The objective of the campaign was to maintain a presence inside these networks should tensions between the United States and China over Taiwan escalate into a full-scale war, giving the group the ability to disrupt networks and steal key information.
Salt Typhoon is often in the media, with recent attacks against AT&T, Verizon, Lumen, Charter, Windstream and Viasat, to name only a few, often gaining access through unpatched Cisco routers before deploying custom malware such as JumbledPath and GhostSpider.
Via BleepingComputer