In June 2025, the U.S. Department of Homeland Security confirmed that Salt Typhoon, a Chinese state-sponsored threat group, had quietly infiltrated a U.S. Army National Guard network and expanded access across the country. Using stolen credentials and deep knowledge of VPN infrastructure, the attackers exfiltrated routing metadata, administrative credentials, and sensitive configuration files from systems spanning all 50 states and four U.S. territories.
This wasn’t a one-time breach. It was persistent, methodical, and invisible for most of 2024.
And if you think your enterprise environment is too different to be at risk, think again. The techniques Salt Typhoon used, including credential replay, infrastructure-level access, and lateral movement through misconfigured or trusted paths, mirror what we see in today’s cloud-first enterprise environments.
Zero Trust That’s Only Policy Is No Defense at All
Too many organizations check the “zero trust” box by implementing observability, policy engines, or segmentation on paper. But that doesn’t stop attackers who already have access.
Salt Typhoon never needed malware. They didn’t exploit vulnerabilities. Instead, they moved laterally using legitimate credentials across connected networks with limited runtime enforcement. These are the same risks enterprises face in:
Federated identity environments
Flat cloud network architectures
Shared VPN and transit gateway paths
Over-trusted service-to-service connections
The breach proves what defenders already know: if you can’t enforce Zero Trust at runtime—inline, not just in a dashboard—you’re vulnerable.
Aviatrix CNSF: Built for Runtime Zero Trust
The Aviatrix Cloud Native Security Fabric (CNSF) solves this exact problem. CNSF delivers inline, agentless enforcement that makes Zero Trust real in cloud, hybrid, and data center environments.
With CNSF, enterprises gain:
Encrypted segmentation across clouds, partners, and environments
Runtime access control that blocks movement even after initial compromise
Credential-resilient policy enforcement at the infrastructure layer
Audit-ready proof aligned to ZTMM 2.0, NIST CSF, and PCI DSS 4.0
If Salt Typhoon had landed inside an environment protected by CNSF, their lateral movement would have hit a wall—fast.
Assume Breach and Stop Attackers from Going Further
This breach exposed security gaps that exist in thousands of enterprise networks today: gaps in segmentation, in control, in enforcement. Salt Typhoon didn’t need to compromise your business directly. They just needed one link, one credential, one misconfigured network path.
Zero trust that only exists in a PowerPoint doesn’t help you when they’re already inside. Aviatrix CNSF gives security teams the runtime control they need to protect what matters, when it matters.