The Department of Homeland Security has confirmed that Chinese state-sponsored hackers were within the network of the US Army National Guard for many months without anyone knowing.

The attackers, known as Salt Typhoon, were inside the National Guard's network for as long as nine months. During that time, they stole sensitive data, including administrator credentials, network traffic diagrams, personally identifiable information (PII) of service members, and geographical maps. Notably, while inside the National Guard network, Salt Typhoon also accessed the data traffic between the state's network and every other US state, along with four territories.

Unfortunately, because Salt Typhoon gained access to the state's network traffic, there is a possibility that the attackers could jump to other networks as well, compromising additional government infrastructure. The Department of Homeland Security (DHS) didn't confirm how Salt Typhoon gained access to the network, but the group, which is part of the wider Chinese state-sponsored hacking group "Typhoon", is known for infiltrating networks through various means, such as exploiting existing vulnerabilities in routers and other network-related hardware.

The Typhoon group, which comprises several hacking groups, including Brass Typhoon and Volt Typhoon, was tasked with infiltrating as much US government infrastructure as possible, including organizations, communications agencies, military infrastructure, defense organizations, and critical infrastructure. Why? The group's goal is to establish footholds within US government infrastructure from which it can siphon information back to China if tensions between the US and China over Taiwan escalate to the point where war is on the table.



