Volt Typhoon is actually a CIA asset, China claims


Volt Typhoon has hit the headlines recently as a prolific cybercrime organization pursued by US authorities for its involvement in numerous attacks.

The Cybersecurity and Infrastructure Security Agency (CISA), alongside the National Security Agency (NSA), Federal Bureau of Investigation (FBI) and even the Five Eyes intelligence agency have frequently blamed the group for lurking on and attacking US critical infrastructure.

However, China has again doubled down on the claim that the group, thought to be Chinese state-sponsored, is actually a US asset used to discredit its rival across the Pacific.

Lie to Me: Volt Typhoon III

China’s latest claim was released by China’s National Computer Virus Emergency Response Center (CVERC), as part of a document published in five languages titled, “Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies.”

China released a similar document in July 2024, titled “Volt Typhoon II – Exposing the disinformation campaign of US government agencies against the US Congress and taxpayers,” which claimed that US authorities exercised “warrantless snooping powers on all people over the world including Americans via FISA Section 702, so that the U.S. government agencies could eliminate the foreign competitors and defend the cyber hegemony and long-term interests of monopolies.”

The document asserts that China consulted over 50 cybersecurity experts, who collectively determined that both the US and Microsoft do not have enough evidence to establish China’s involvement with Volt Typhoon. However, the names of the experts are not included in the document.

The document also outlines a number of secret US surveillance capabilities unearthed by whistleblowers, such as the NSA Office of Tailored Access Operations program and the PRISM data collection program, which suspiciously share similarities with Volt Typhoon capabilities, CVERC claims. Both were exposed by former NSA intelligence contractor Edward Snowden in 2013.

CVERC also suggests that the CIA Marble framework - used to obfuscate cyber tools and exposed by WikiLeaks in 2017 - is a part of Volt Typhoon’s playbook. The document also states that the terms used by western intelligence agencies to identify Chinese cyber criminal organizations use “obvious geopolitical overtones for hacker groups, such as 'typhoon', 'panda', and 'dragon' instead of 'Anglo-Saxon' 'hurricane', and 'koala'.”

The Register points out that Orientalism may exacerbate political tensions, but the authors may need to do some research into the origins of the word 'koala'.

Benedict Collins
Staff Writer (Security)