Volt Typhoon’s long shadow
News that critical infrastructure networks in both Guam and the United States had been compromised first emerged in 2023. Dubbed ‘Volt Typhoon’, the threat actor responsible for this sophisticated campaign has been linked to China.
Microsoft was the first to publicly assert that Volt Typhoon had successfully compromised networks that provide critical infrastructure services in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology and education sectors in both Guam and the continental U.S. Microsoft’s findings were later confirmed by intelligence and cyber-security officials from the Five Eyes intelligence alliance. Believed to have been active against these targets since 2021, the US government has claimed that Volt Typhoon has been largely contained and eradicated from affected critical infrastructure networks. Irrespective of whether its presence has been fully removed, the threat actor continues to jeopardise U.S. and Western interests in cyberspace and generate geostrategic benefits for the Chinese government.
Originally believed to be pursuing espionage objectives, Volt Typhoon’s activities are now widely regarded as an effort by the Chinese government to pre-position on critical infrastructure targets in preparation for disruption operations in the event of a military crisis with the U.S. Three facts support this narrative. Firstly, the vast majority of the networks targeted by Volt Typhoon offered little foreign intelligence value to the Chinese government. Secondly, the threat actor focused on obtaining network diagrams and operating technology manuals that could inform future disruption operations. Thirdly, networks in Guam were likely targeted because U.S. naval ports and air bases there would be critical to any American military response to a Chinese invasion or blockade of Taiwan.
Read more at International Institute for Strategic Studies