The US Army National Guard suffered a significant data breach carried out by Salt Typhoon, a Chinese state-sponsored threat actor. The attackers were present in the networks from March to December 2024 and stole sensitive data, including administrator credentials, network traffic diagrams, geographical maps, and personally identifiable information (PII) of service members. The breach also compromised data traffic between the state’s network and other US states and territories, potentially allowing the attackers to pivot to other networks and compromise more government and military targets.
TPRM report: https://scoringcyber.rankiteo.com/company/army-national-guard
"id": "arm711072025",
"linkid": "army-national-guard",
"type": "Breach",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Military',
                        'location': 'United States',
                        'name': 'US Army National Guard',
                        'type': 'Government/Military'}],
 'attack_vector': "Exploiting vulnerabilities in Cisco's routers and similar "
                  'hardware',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Administrator credentials',
                                              'Network traffic diagrams',
                                              'Geographical maps',
                                              'Personally identifiable '
                                              'information (PII)']},
 'description': 'A Chinese state-sponsored threat actor known as Salt Typhoon '
                'accessed the network of the US Army National Guard for nine '
                'months, stealing sensitive data including administrator '
                'credentials, network traffic diagrams, geographical maps, and '
                'personally identifiable information (PII) of service members.',
 'impact': {'data_compromised': ['Administrator credentials',
                                 'Network traffic diagrams',
                                 'Geographical maps',
                                 'Personally identifiable information (PII) of '
                                 'service members',
                                 "Data traffic between state's network and "
                                 'other US states and territories']},
 'initial_access_broker': {'entry_point': "Cisco's routers",
                           'high_value_targets': ['Critical infrastructure '
                                                  'organizations',
                                                  'Communications firms',
                                                  'Government',
                                                  'Military',
                                                  'Defense organizations']},
 'motivation': ['Disrupt networks',
                'Steal key intelligence',
                'Prepare for potential conflict over Taiwan'],
 'references': [{'source': 'BleepingComputer'}],
 'threat_actor': 'Salt Typhoon (Chinese state-sponsored)',
 'title': 'Salt Typhoon Accessed National Guard Systems',
 'type': 'Data Breach',
 'vulnerability_exploited': ["CVEs in Cisco's routers"]}