Salt Typhoon Crashes National Guard’s Cyber Party: China’s Sneakiest Hacker Hit Squad

Move over, Volt Typhoon—your quiet data pilfering at water plants was so last week...

Enter Salt Typhoon, the China-linked APT crew that decided the Army National Guard’s network needed a year-long surprise visit. And hey, they brought their own virtual digging tools.

On the very day NSA and FBI brass were patting themselves on the back over Volt Typhoon’s “really failed” persistence, word broke that Salt Typhoon had been camped out in an Army Guard network since April 2023, snacking on unpatched routers and stolen credentials like tech-savvy raccoons. 

Talk about photobombing a victory selfie!

“The recent developments with Salt Typhoon and Volt Typhoon highlight the relentless nature of cyber espionage and pre-positioning campaigns attributed to the People’s Republic of China,” warned Morgan Wright, senior fellow at the Center for Digital Government. 

“These operations aren’t isolated, they’re part of a broader strategy to gain strategic advantages in intelligence gathering and potential disruption.” 

In other words: they treat U.S. networks like open‑bar buffets.

While Volt Typhoon politely hung back and “failed” (per the NSA), Salt Typhoon was busy playing whack-a-mole with outdated firewalls. 

Kevin Surace, chair at Token, sees the Volt win as merely “tactical,” not “strategic.” He explains:

“Disrupting one group temporarily limits active campaigns, but the underlying vulnerabilities remain. Until organizations address the root problem—reliance on credentials and outdated authentication methods—new groups will continue to gain access using the same techniques.”

Surace draws a neat line: Volt Typhoon is the James Bond of stealth, leveraging “living-off-the-land” tricks to snoop on utilities and water systems for months. 

Salt Typhoon, by contrast, is more like a caffeine-fueled barista—hot on unpatched gear, phishing creds, and spoofing MFA to score “deep, persistent access” into a National Guard network that oversees everything from hurricane response to guarding the hatch of Humvees. 

Strategically cheeky.

Adding color commentary from the startup world, Nic Adams, co-founder and CEO at 0rcus, likens Beijing’s hacker squads to “a portfolio of semi-independent contractor units.” He quips:

“Salt Typhoon hides in plain sight by exploiting ubiquitous network gear, routing traffic through leased cloud nodes that resemble legitimate vendor updates, and reusing stolen configurations instead of dropping binaries that endpoint tools flag.”

In plain English: they’re the tidy minimalists of malware. 

Adams notes that National Guard systems are “enticing” because they bridge state emergency systems and federal command channels—think of them as cyber gold mines yielding topology maps and creds for downstream mischief in power grids or water treatment plants.

Yes, DHS has sounded the alarm that Salt Typhoon is still lurking, and promises to “work with partners to prevent future attacks and mitigate risk.” 

But, to echo Wright’s Sisyphean lament: “Just as it seems we’ve pushed the rock of defending against them up the digital hill, it comes crashing back down again. The PRC is a determined adversary with extensive bench strength and private sector reachback capability.”

So what’s the real takeaway? 

Disabling Volt Typhoon was like swatting a mosquito—momentarily satisfying but nowhere near eradication. 

Meanwhile, Salt Typhoon is already eyeing the next buffet, armed with phishing rods and a hunger for unpatched routers. 

The only surefire defense? 

Stop treating passwords like Post-it notes, update that ancient firewall, and maybe invest in something stronger than "eBay"-grade equipment.

Otherwise, expect more unwanted guests at your digital doorstep—sans RSVP.

