Volt Typhoon is actually a CIA asset, China claims
China again claims Volt Typhoon is the work of the CIA
Volt Typhoon has hit the headlines recently as a prolific cybercrime organization pursued by US authorities for its involvement in numerous attacks.
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), Federal Bureau of Investigation (FBI) and even the Five Eyes intelligence agency have frequently blamed the group for lurking on and attacking US critical infrastructure.
However, China has again doubled down on the claim that the group thought to be a Chinese state-sponsored is actually a US asset used to discredit its rival across the Pacific.
Lie to Me: Volt Typhoon III
China’s latest claim was released by China’s National Computer Virus Emergency Response Center (CVERC), as part of a document published in five languages titled, “Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies.”
China released a similar document in July 2024, titled “Volt Typhoon II – Exposing the disinformation campaign of US government agencies against the US Congress and taxpayers,” which claimed that US authorities exercised “warrantless snooping powers on all people over the world including Americans via FISA Section 702, so that the U.S. government agencies could eliminate the foreign competitors and defend the cyber hegemony and long-term interests of monopolies.”
The document asserts that China consulted over 50 cybersecurity experts, who collectively determined both the US and Microsoft do not have enough evidence to implicate China’s involvement with Volt Typhoon. However, the names of the experts are not included in the document.
The document also outlines a number of secret US surveillance capabilities unearthed by whistleblowers, such as the NSA Office of Tailored Access Operation program and the PRISM data collection program, which suspiciously share similarities with Volt Typhoon capabilities, CVERC claims. Both were exposed by former NSA intelligence contractor Edward Snowden in 2013.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
CVERC also suggests that the CIA Marble framework - used to obfuscate cyber tools and exposed by Wikileaks in 2017 - is also a part of Volt Typhoon’s playbook. The document also states that the terms used by western intelligence agencies to identify Chinese cyber criminal organizations use “obvious geopolitical overtones for hacker groups, such as 'typhoon', 'panda', and 'dragon' instead of 'Anglo-Saxon' 'hurricane', and 'koala'.”
The Register points out that Orientalism may exacerbate political tensions, but the authors may need to do some research into the origins of the word 'koala'.
More from TechRadar Pro
- These are the best endpoint protection services
- Huawei is investing heavily in AI ecosystem development as it bids to become China's answer to Nvidia
- Take a look at our guide to the best internet security suites
Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.