A year-long cyberespionage operation by the Salt Typhoon group has prompted U.S. defense officials to issue a dire warning: all military forces must now proceed under the assumption that their networks have been compromised.
The breach came to light through a Department of Defense (DoD) report obtained via a Freedom of Information request by the nonprofit Property of the People. The report revealed that Salt Typhoon infiltrated a U.S. state’s National Guard network and remained undetected from March 2024 to December of the same year.
During this extended intrusion, the group is believed to have exfiltrated sensitive data — including administrator credentials, network diagrams, and configuration files — from both state government agencies and critical national infrastructure (CNI) organizations. The DoD noted that such information could be leveraged to orchestrate additional attacks on other units.
Although the exact National Guard unit affected remains undisclosed, the scale of the attack raises major national security concerns. The DoD report states that between January 2023 and March 2024, Salt Typhoon stole 1,462 configuration files linked to 70 U.S. government and CNI identities across 12 sectors, including energy, communications, transportation, and wastewater management.
Security experts stress that the compromise poses a serious threat to existing cybersecurity defenses. Gary Barlet, Public Sector CTO at Illumio and former Chief of Ground Networks for the Air Force CIO, emphasized that this breach demonstrates the need for U.S. defense systems to rapidly implement Zero Trust frameworks.
“Salt Typhoon’s ability to move laterally across systems illustrates why breach containment must become a top priority,” Barlet warned, adding that similar intrusions have occurred across both government and private sectors.
This attack follows a series of high-profile incidents linked to the China-affiliated Salt Typhoon group, including previous cyberattacks on U.S. telecom giants AT&T and Verizon. Notably, White House officials confirmed last December that the group had intercepted private communications of senior U.S. political figures.
As cyber threats escalate, the Salt Typhoon breach reinforces the urgency for defense agencies to bolster resilience and rethink their cybersecurity posture entirely.
News Source: ITPro.com