Volt Typhoon is actually a CIA asset, China claims


Volt Typhoon has hit the headlines recently as a prolific cybercrime organization pursued by US authorities for its involvement in numerous attacks.

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI) and even the Five Eyes intelligence alliance have frequently blamed the group for lurking in and attacking US critical infrastructure.

However, China has again doubled down on the claim that the group, thought to be a Chinese state-sponsored actor, is actually a US asset used to discredit its rival across the Pacific.

Lie to Me: Volt Typhoon III

China’s latest claim was released by China’s National Computer Virus Emergency Response Center (CVERC), as part of a document published in five languages titled, “Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies.”

China released a similar document in July 2024, titled “Volt Typhoon II – Exposing the disinformation campaign of US government agencies against the US Congress and taxpayers,” which claimed that US authorities exercised “warrantless snooping powers on all people over the world including Americans via FISA Section 702, so that the U.S. government agencies could eliminate the foreign competitors and defend the cyber hegemony and long-term interests of monopolies.”

The document asserts that China consulted over 50 cybersecurity experts, who collectively determined that both the US and Microsoft do not have enough evidence to establish China’s involvement with Volt Typhoon. However, the names of the experts are not included in the document.

The document also outlines a number of secret US surveillance capabilities unearthed by whistleblowers, such as the NSA Office of Tailored Access Operations program and the PRISM data collection program, which suspiciously share similarities with Volt Typhoon capabilities, CVERC claims. Both were exposed by former NSA intelligence contractor Edward Snowden in 2013.

CVERC also suggests that the CIA Marble framework - used to obfuscate cyber tools and exposed by WikiLeaks in 2017 - is part of Volt Typhoon’s playbook. The document also states that the terms used by western intelligence agencies to identify Chinese cyber criminal organizations use “obvious geopolitical overtones for hacker groups, such as 'typhoon', 'panda', and 'dragon' instead of 'Anglo-Saxon' 'hurricane', and 'koala'.”

The Register points out that Orientalism may exacerbate political tensions, but the authors may need to do some research into the origins of the word 'koala'.

Benedict Collins
Staff Writer (Security)