Which Way Does “Volt Typhoon” Blow?

Did the U.S., under a false Chinese flag, actually spy on its allies?

If you have been following American media in recent months, you may have heard of “Volt Typhoon.” Officially, it is a Chinese hacker group sponsored by the government in Beijing that has managed to create quite a stir in agencies and companies in the West. The United States (U.S.), along with its partners from the “Five Eyes” intelligence alliance (the United Kingdom, Australia, New Zealand, Canada, and the U.S.), issued a warning in March of this year about the activities of this hacker group, which were reportedly aimed at “critical infrastructure” in the West.

THREATENING THOUSANDS OF COMPUTER SYSTEMS…

According to information available on the website of the U.S. Cyber Defense Agency, a number of important American intelligence and security agencies (the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI)) have assessed that cyber groups allegedly sponsored by China are seeking to position themselves in IT networks to threaten the critical infrastructure of the U.S. The report mentions not only “Volt Typhoon” as a sort of umbrella or main cyber group but also other groups such as “Vanguard Panda,” “Bronze Silhouette,” Dev-0391, UNC3236, “Voltzite,” and “Insidious Taurus.” According to these reports, “Volt Typhoon” has threatened thousands of important computer systems since it was identified by security analysts at Microsoft in May of last year. American analysts believe the group has been active since mid-2021, and possibly even earlier. In short, “Volt Typhoon,” in coordination with the mentioned groups, is allegedly using malware that infiltrates internet-connected systems by exploiting vulnerabilities such as weak administrative passwords, factory default logins, and devices with outdated software. The targets of “Volt Typhoon” included communication, energy, transportation, water, and wastewater systems.

DURING FUTURE CRISES

Numerous reports dedicated to this hacker group indicate that it could threaten U.S. military capabilities and disrupt the “critical communication infrastructure” between the U.S. and Asia. Interestingly, one of these reports states that the mentioned hacker group could disrupt communication infrastructure “during future crises.” However, the matter of “Volt Typhoon” attacks on computer systems, or the “critical infrastructure” frequently mentioned in American reports, reached its climax about a month ago when it was announced that the FBI had dismantled a massive botnet that, as stated, compromised hundreds of thousands of devices and targeted the aforementioned critical infrastructure. Behind these operations was allegedly the group “Flax Typhoon,” which took several steps beyond the now-famous “Volt Typhoon,” targeting corporations, media organizations, universities, and government agencies.

DID THE U.S. SPY ON GERMANY?

All of this would seem like yet another episode in the cyber war that has undoubtedly been raging worldwide for decades, had China not recently released the third chapter of its response to allegations that it stands behind the “Volt Typhoon” group. The documents from the Chinese National Center for Emergency Response to Computer Viruses present evidence suggesting that the U.S. is actually behind the “Volt Typhoon” group. The documents state interesting facts and raise a number of intriguing questions. The Chinese announced that the U.S., aside from mere accusations, has not provided evidence for its claims (that China is behind the “Volt Typhoon” group), instead following a “catch the thief” policy.

“Based on the previous two reports, this report further reveals that the U.S. federal government, intelligence agencies, and the ‘Five Eyes’ alliance countries jointly conducted eavesdropping and cyber espionage activities against China, Germany, other countries, and global internet users…”

In short, “Volt Typhoon,” based on the concrete evidence presented by the Chinese in the aforementioned three reports, could be an operation carried out under a false flag against China, which has been accused of cyber espionage, as well as against Germany and other American allies not in the “Five Eyes” group.

GEOPOLITICAL FARCE

If this is the case, “Volt Typhoon” could primarily be a geopolitical farce, and only later a group that has fundamentally shaken the already strained relations between China and the U.S.

The Chinese believe that “Volt Typhoon” is, in fact, a complex “preemptive” operation by U.S. cyber forces and security forces, meaning that in this case, the U.S. employed a “preemptive hunting” tactic.

“To adapt to this tactical need, the U.S. intelligence agency has specifically developed a stealth ‘toolkit’ codenamed ‘Marble,’ to conceal its own malicious cyber attacks, blame other countries, and mislead traceability and attribution analysis. The toolkit is a framework of tools that can be integrated with other cyber weapon development projects to assist cyber weapon developers in analyzing programming codes,” stated the latest Chinese report.

WHEN AMERICAN INSTITUTIONS AND COMPANIES REMAIN SILENT IN THE FACE OF JOURNALISTIC INQUIRIES

In support of their claims, the Chinese published examples of American espionage against German, Japanese, and other officials from strictly confidential documents they obtained. The mentioned reports are available via the following links:
https://www.cverc.org.cn/head/zhaiyao/futetaifeng3_EN.pdf
https://www.cverc.org.cn/head/zhaiyao/news20241014-FTTFSAN.htm

However, this initial narrative, which indicates the possibility that China has responded very convincingly to allegations of being behind the “Volt Typhoon” group and its associated groups, actually has an interesting epilogue that is more than indicative. The Global Times requested responses from the American embassy in Beijing, U.S. agencies, and Microsoft regarding the information and facts presented in the reports of the Chinese National Center for Emergency Response to Computer Viruses.

According to the Chinese side, it was a deliberate dissemination of a false narrative, which, in addition to spying on “allies” under a false flag, aims to secure more funding from the budget for “defense,” while private companies involved in this now-real affair would also receive their share of the financial pie in the form of new, even more lucrative contracts.

The questions posed by the Global Times remained unanswered. Neither the American embassy in Beijing, nor U.S. government agencies, nor Microsoft responded to the inquiries of Chinese journalists. How is it possible that state authorities and companies in the “land of the free,” including media outlets, can remain silent in the face of serious accusations? A considerable number of citizens in Serbia believe that such a thing is impossible, but unfortunately, it is.

THE PUBLIC IN THE WEST IS SHELTERED

Zhuo Hua, an expert on international relations at the Chinese University of Foreign Studies, stated to the Global Times that the U.S. cannot find a basis to refute the precisely presented facts and has no choice but to remain silent. At the Chinese National Center for Emergency Response to Computer Viruses, they claim that about fifty cyber experts from Europe, Asia, and even the U.S. reached out to them after the center published the first two reports on “Volt Typhoon” (on April 15 and July 8), confirming that the U.S. has no evidence for the allegations made.

In China, it is also believed that ordinary people in the U.S. have been informationally sheltered for too long, and that this media cocoon is controlled by interest groups, via intelligence agencies that promote a negative image of China. The news that a cyber war is raging across the globe is nothing new. It is also not new that the U.S. spies on its allies. Anyone who followed the Edward Snowden case knows what is at stake, including the espionage affair concerning G8 and G20 delegations in Toronto, as well as many other similar cases, the PRISM program, and “XKeyscore.”

Just as whistleblowers replaced dissidents and sought protection in the East or in the embassies of the Global South, the media narrative unexpectedly shifts, showing that answers to key questions cannot even be obtained in countries that claim to be media and politically advanced democracies. The “Volt Typhoon” case is a good, but not the only example of this “paradox.”