Skip to main content

Salt Typhoon Crashes National Guard’s Cyber Party: China’s Sneakiest Hacker Hit Squad

Move over, Volt Typhoon—your quiet data pilfering at water plants was so last week...

Enter Salt Typhoon, the China-linked APT crew that decided the Army National Guard’s network needed a year-long surprise visit. And hey, they brought their own virtual digging tools.

On the very day NSA and FBI brass were patting themselves on the back over Volt Typhoon’s “really failed” persistence, word broke that Salt Typhoon had been camped out in an Army Guard network since April 2023, snacking on unpatched routers and stolen credentials like tech-savvy raccoons. 

Talk about photobombing a victory selfie!

“The recent developments with Salt Typhoon and Volt Typhoon highlight the relentless nature of cyber espionage and pre-positioning campaigns attributed to the People’s Republic of China,” warned Morgan Wright, senior fellow at the Center for Digital Government. 

“These operations aren’t isolated, they’re part of a broader strategy to gain strategic advantages in intelligence gathering and potential disruption.” 

In other words: they treat U.S. networks like open‑bar buffets.

While Volt Typhoon politely hung back and “failed” (per the NSA), Salt Typhoon was busy playing whack-a-mole with outdated firewalls. 

Kevin Surace, chair at Token, sees the Volt win as mere “tactical,” not “strategic.” He explains:

“Disrupting one group temporarily limits active campaigns, but the underlying vulnerabilities remain. Until organizations address the root problem—reliance on credentials and outdated authentication methods—new groups will continue to gain access using the same techniques.”

Surace draws a neat line: Volt Typhoon is the James Bond of stealth, leveraging “living-off-the-land” tricks to snoop on utilities and water systems for months. 

Salt Typhoon, by contrast, is more like a caffeine-fueled barista—hot on unpatched gear, phishing creds, and spoofing MFA to score “deep, persistent access” into a National Guard network that oversees everything from hurricane response to guarding the hatch of Humvees. 

Strategically cheeky.

Adding color commentary from the startup world, Nic Adams, co-founder and CEO at 0rcus, likens Beijing’s hacker squads to “a portfolio of semi-independent contractor units.” He quips:

“Salt Typhoon hides in plain sight by exploiting ubiquitous network gear, routing traffic through leased cloud nodes that resemble legitimate vendor updates, and reusing stolen configurations instead of dropping binaries that endpoint tools flag.”

In plain English: they’re the tidy minimalists of malware. 

Adams notes that National Guard systems are “enticing” because they bridge state emergency systems and federal command channels—think of them as cyber gold mines yielding topology maps and creds for downstream mischief in power grids or water treatment plants.

Yes, DHS has sounded the alarm that Salt Typhoon is still lurking, and promises to “work with partners to prevent future attacks and mitigate risk.” 

But echoing Wright’s Sisyphean lament, “Just as it seems we’ve pushed the rock of defending against them up the digital hill, it comes crashing back down again. The PRC is a determined adversary with extensive bench strength and private sector reachback capability.”

So what’s the real takeaway? 

Disabling Volt Typhoon was like swatting a mosquito—momentarily satisfying but nowhere near eradication. 

Meanwhile, Salt Typhoon is already eyeing the next buffet, armed with phishing rods and a hunger for unpatched routers. 

The only surefire defense? 

Stop treating passwords like post-it notes, update that ancient firewall, and maybe invest in something stronger than "ebay" grade equipment. 

Otherwise, expect more unwanted guests at your digital doorstep—sans RSVP.


“No paywall. No puppets. Just local truth. Chip in $3 today” at https://buymeacoffee.com/doublejeopardynews

“Enjoy this content without corporate censorship? Help keep it that way.”

“Ad-Free. Algorithm-Free. 100% Independent. Support now.”




#SaltTyphoonSurprise
#CyberGuardGate
#APTPartyCrashers
#VoltTyphoonFail
#HackAndSnack
#StealthModeActivated
#PatchOrPerish
#CredentialCravings
#DigitalRaccoons
#MFAwoes
#NetworkBuffet
#DHSOnAlert
#SisypheanSecurity
#HackProofYourLife
#ChinaCyberSquad

Comments

Popular posts from this blog

We Are Temporarily Halting Further Publication....

Do to financial issues and lack of funding we are temporarily halting further publication. After a full year of publication, we have reached a bridge that we are unable to cross at this time. We may periodically publish an article but at this time, full-time publication is no longer feasible. Thank you to all the readers who followed us throughout our journey and we wish you the very best. Hopefully we will see our way through this rough patch and will resume publication in the near future. Thanks again! Robert B.

Please Help Find These Forgotten Girls Held at Male Juvenile Prison for Over a Year!

  MY MOST IMPORTANT STORY  Dozens of Forgotten Little Girls Held at Male Juvenile Prison for Over a Year! Welcome to the Sunshine State , where the palm trees sway, the alligators lurk, and the legislative process makes Kafka look like a life coach!  Florida House Bill HB21 . Not just a compensation bill but possibly a 20 million dollar "Stay out of Jail Free" card for some folks. This is a bill that does some good—but also trips over its own shoelaces, falls down a staircase, and lands on a historical oversight so big, it might as well have its own zip code! An oversight that overlooks what I consider to be its most vulnerable victims! The Setup: Justice with a Catch HB21 was enacted on July 1, 2024 to compensate victims of abuse from two male juvenile detention facilities located in Florida, Dozier and Okeechobee.  It says, “Hey, survivors of abuse between 1940 and 1975, here’s some compensation for the horrific things you endured!” Sounds good, right? Like...

Florida Rest Stop Rules of the Road: ‘You May Snooze — But Not for Long'

Drivers and travelers: rejoice, recline, and — most importantly — read the fine print.  In Florida you can legally sleep in your car at a rest area , but the state has politely (and bureaucratically) set a curfew on your horizontal ambitions.  Pull up, power nap , pack up — and do it all before the three-hour buzzer sounds. Think of Florida’s rest-area rules as the DMV of naps!  The Florida Department of Transportation (FDOT) and the Florida Administrative Code say these roadside oases exist to fight driver fatigue — and to allow the general public a short, safe snooze.  For non-commercial drivers, the limit is three hours...  Commercial vehicle operators (that’s professional truck drivers) get more mercy: up to ten hours, aligned with federal hours-of-service expectations so truckers can actually finish a legally required rest window without getting ticketed for loafing.  So yes, your buddy the trucker can sleep longer than you — he’s earned it the h...