IT Pro echoes the warning of cybersecurity professionals that, since the Pentagon reported on China’s Salt Typhoon group breaching a U.S. National Guard system, we should assume every U.S.-government networked computer has been compromised:
According to the US Department of Defense (DoD), the group breached and laid low in the compromised network for almost a year, potentially accessing sensitive military and law enforcement data.
The DoD report, released following an FOI request by the Property of the People nonprofit, details a long-running campaign that “extensively compromised” the National Guard network from March 2024 to December last year.
As part of the breach, Salt Typhoon is believed to have collected and exfiltrated sensitive data, including configuration files for critical national infrastructure (CNI) organizations and state government agencies.
…
Salt Typhoon has previously used exfiltrated network configuration files to “enable cyber intrusion elsewhere”, the DoD report noted. Indeed, between January 2023 and March 2024, it stole 1,462 configuration files associated with 70 US government and CNI identities spanning 12 sectors.
This included organizations in energy, communication, transportation, and wastewater.
…
Gary Barlet, public sector CTO at Illumio, said the incident once again highlights the group’s proficiency and ability to compromise US government networks.
Barlet, who served as Chief of Ground Networks for the Air Force CIO, warned “all US forces must now assume their networks are compromised,” moving forward.