Scripps News has confirmed that China breached the computer network of the Army National Guard in at least one U.S. state for months.
The breach came as part of the so-called Salt Typhoon hack, which has been an ongoing breach into a wide range of U.S. telecom systems for at least a year. It is one of the most significant cyber espionage breaches in U.S. history.
Scripps News obtained a memo from the Department of Homeland Security outlining the situation, which was provided to us by an open records request sent by nonprofit Property of the People.
According to the report, China had access to the National Guard system for about nine months in 2024, from March through December. Authorities have not disclosed which state was affected.
Salt Typhoon gathered information about the network, its traffic with other National Guard networks in all 50 states, some personal identifying information about National Guard service members and administrator credentials and network maps that could be used to compromise further networks in other states, the report says.
Salt Typhoon has already demonstrated the ability to use information stolen in breaches to enable further breaches of more networks, the report warns.
The report includes guidance for cybersecurity personnel to firewall or disable vulnerable systems that Salt Typhoon has used in its infiltration.
RELATED STORY | White House says at least 8 US telecom firms impacted by China hacking campaign
In its broader campaign, officials say, Salt Typhoon has compromised private texts and phone records of an unknown number of American targets, which include senior U.S. officials and politicians.
Officials said the attack was likely narrow in scope, but based on a broad infiltration of U.S. telecom services and networks.
In December of 2024, Deputy national security adviser Anne Neuberger warned that "until U.S. companies address the cybersecurity gaps the Chinese are likely to maintain their access."
