China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

Credit to Author: Lily Hay Newman, Andy Greenberg, Dell Cameron | Date: Sat, 19 Jul 2025 10:30:00 +0000

After reporting last week that the “raw” Jeffrey Epstein prison video posted by the FBI was likely modified in at least some ways (though there is no evidence that the footage was deceptively manipulated), WIRED reported on Tuesday that metadata analysis of the video shows approximately 2 minutes and 53 seconds were removed from one of two stitched-together clips.

The United States Department of Homeland Security is facing controversy over DNA samples taken from approximately 133,000 migrant children and teens that the department added to a criminal database. Meanwhile, researcher Jeremiah Fowler published findings this week that more than 2 GB of extremely sensitive adoption-related data—including information about biological parents, children, and adoptive parents—was exposed and publicly accessible on the open internet.

Roblox’s new Trusted Connections feature includes age verification that uses AI to scan teens’ video selfies and determine whether they can be granted access to unfiltered chatting with people they know. And as video deepfake capabilities mature (including AI tools that can even manipulate live video footage), AI “nudify” platforms are drawing millions of users and generating millions of dollars in revenue using tech from US companies.

And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

The Chinese state-sponsored hacking group known as Salt Typhoon has already shocked the US once with the revelation last year that it had deeply penetrated American telecom systems, even targeting the text messages and phone conversations of citizens including then-candidates Donald Trump and JD Vance in real time. Now it appears the group’s espionage has included the US military, and it spent much of the last year inside the network of the US National Guard in at least one state. NBC News this week reported on a DHS memo, obtained by the national security transparency nonprofit Property of the People, that warned the Chinese hacker group had breached that state-level National Guard network from March to December of last year. It didn’t identify which state had been targeted. According to the memo, Salt Typhoon’s access “likely provided Beijing with data that could facilitate the hacking of other states’ Army National Guard units, and possibly many of their state-level cybersecurity partners.”

The Trump administration is developing a new digital system designed to grant Immigration and Customs Enforcement near-real-time access to sensitive data of taxpayers, including their home addresses. Internal blueprints, revealed by ProPublica on Tuesday, show that the system is designed to automate and expedite data exchanges “on demand,” bypassing traditional IRS safeguards that normally require case-by-case review and legal justification. The system represents a major shift in how IRS data is accessed, and it is already raising concerns among civil liberties experts who say the process may violate privacy laws and further accelerate ICE's ability to obtain tax data for deportation purposes.

A zero-day vulnerability that allows a train’s brakes to be triggered by malicious hackers is a troubling notion. A 7,300-plus-day vulnerability that leaves trains exposed to that brake hack is a shocking level of negligence for a piece of critical US infrastructure. The Cybersecurity and Infrastructure Security Agency last week released an advisory about a lack of authentication in a protocol that allows a device at the head of a train (HOT) to send a braking signal to another device at the end of the train (EOT) for coordinated braking across long trains such as freight trains. That meant that hackers could send their own unauthenticated commands to disrupt trains, shut down rail networks, or even cause derailments, one of the researchers credited in the advisory told SecurityWeek. The issue is made all the more egregious by the fact that the researchers discovered the vulnerability had first been reported in 2005 but was never taken seriously or fixed. Tens of thousands of the vulnerable HOT and EOT devices are set to be replaced in a process that will begin next year.
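As an added illustration, not taken from the WIRED piece or the CISA advisory and using a constructed message layout rather than the real HOT/EOT wire format, this contrasts a receiver that acts on any braking frame with one that requires a keyed message authentication code and a strictly increasing counter, which is the kind of check whose absence the advisory describes:

```python
import hashlib
import hmac
import struct

# Constructed, hypothetical frame layout (NOT the real EOT/HOT protocol):
#   1 byte command | 4-byte big-endian counter | 16-byte truncated HMAC-SHA256 tag
CMD_EMERGENCY_BRAKE = 0x01
BODY_LEN = 5
TAG_LEN = 16


def legacy_eot_accepts(frame: bytes) -> bool:
    """Unauthenticated receiver: any frame carrying the brake opcode is acted on."""
    return len(frame) >= 1 and frame[0] == CMD_EMERGENCY_BRAKE


def build_authenticated_cmd(key: bytes, cmd: int, counter: int) -> bytes:
    """HOT side: serialise the command and append a MAC over command and counter."""
    body = struct.pack(">BI", cmd, counter)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class AuthenticatedEot:
    """EOT side: accept a brake command only if the MAC verifies and the counter is fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accepts(self, frame: bytes) -> bool:
        if len(frame) != BODY_LEN + TAG_LEN:
            return False  # malformed frame
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted frame: sender did not hold the key
        cmd, counter = struct.unpack(">BI", body)
        if counter <= self.last_counter:
            return False  # replayed frame: counter must strictly increase
        self.last_counter = counter
        return cmd == CMD_EMERGENCY_BRAKE
```

The legacy receiver cannot tell a frame from the paired HOT device apart from any other bytes on the air, while the authenticated receiver rejects both frames built without the shared key and repeats of a previously accepted frame.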

Hackers who want to build a botnet of malware-controlled internet-of-things devices can scour those devices for vulnerabilities—which are plentiful enough—and remotely exploit them. Or better yet, they can infect them before they’re even shipped. Google announced this week it would be filing a lawsuit against the administrators of the so-called BadBox 2.0 botnet, which consisted of 10 million Android-powered TVs that were somehow infected with malware before being sold to consumers. The botnet operators, which Google describes as Chinese cybercriminals, then sold access to those devices to be used as proxy machines or to fake advertising views in a vast click-fraud scheme. BadBox 2.0 “is already the largest known botnet of internet-connected TV devices, and it grows each day. It has harmed millions of victims in the United States and around the world and threatens many more,” Google’s complaint reads.

