A China-backed hacking group known as Salt Typhoon infiltrated a U.S. Army National Guard network for nearly a year, from March to December 2024, without detection. During this period, the group exfiltrated sensitive data including military, law enforcement, and personal information, as well as configuration files related to critical national infrastructure and state government agencies. The hackers exploited vulnerabilities such as an Apache HTTP Server flaw (CVE-2021-41773) to deploy cryptocurrency mining malware and used sophisticated techniques including fake GitHub accounts to host malware plugins like Amadey, Lumma, and RedLine. These operations leveraged legitimate tools and public repositories to evade detection and bypass web filtering, complicating efforts to identify malicious activity. Security officials noted that while the group’s persistence efforts ultimately failed, the breach exposed vulnerabilities in National Guard cybersecurity defenses and highlighted the ongoing threat posed by state-backed cyber espionage campaigns.