Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

CISA Alert: China’s Volt Typhoon Threatening US Critical Infrastructure

Executive Summary

CISA, NSA, FBI, and international partners recently issued an urgent advisory. The advisory highlights that Chinese state-sponsored threat actors, Volt Typhoon, targeted specific U.S. systems for five years, aiming to destabilize critical infrastructure sectors. Using sophisticated techniques like “living off the land,” they maintain covert access, posing challenges to cybersecurity efforts.

Undoubtedly, state-sponsored attacks are increasing. These attacks are characterized by their sophisticated techniques, substantial resources, and long-term operations driven by political, military, or economic motives. Given this persistent threat, it is crucial to develop strong defense strategies and raise awareness to successfully mitigate risks.

What Happened

Recently, CISA issued an urgent advisory about a critical cybersecurity threat in collaboration with NSA, FBI, and international partners. The advisory disclosed that Chinese state-sponsored hackers, known as Volt Typhoon, targeted critical infrastructure in the U.S. for at least five years.

Their intentions were to carry out destabilizing cyberattacks on critical infrastructure, including aviation, rail, mass transit, highway, maritime, pipeline, water, and sewage organizations. The breadth of these targets underscores the gravity of the threat and the potential consequences of successful cyberattacks on critical infrastructure.

On the other hand, Chinese embassy spokesperson Liu Pengyu previously denied the hacking attempts. Additionally, he turned the accusations against the U.S., encouraging the American intelligence community to stop “irresponsible criticism” against Beijing.

About Volt Typhoon

Volt Typhoon, a state-sponsored hacker group from China, has been active for five years. They target U.S. infrastructure, focusing on sectors like aviation and water. Their approach marks a shift from espionage to preparing for cyberattacks amid conflicts, especially over Taiwan.

This group exploits vulnerabilities in routers and VPNs for initial access. They use stolen credentials to maintain this access over time. With such access, they could manipulate systems like HVAC or control energy and water supplies.

Microsoft notes Volt Typhoon’s focus on credential access and network discovery. They operate stealthily across sectors such as utilities and transportation. Their tactics include using legitimate system tools to avoid detection.

The threat of Volt Typhoon is significant, especially regarding critical communications infrastructure. They use a botnet for broader attacks, controlling compromised devices worldwide.


The advisory highlighted the hackers’ utilization of the “living off the land” technique to maintain covert access within systems, evading detection. This method allows the hackers to operate secretly within compromised networks.

Furthermore, the hackers’ objective seems to involve pre-positioning for potential destructive cyberattacks, marking a strategic shift from traditional espionage tactics.

Our evidence strongly suggests that the PRC actors are pre-positioning to launch future disruptive or destructive cyber attacks that could cause impact to national security, economic security or public health and safety,

Eric Goldstein, the CISA Executive Assistant Director, informed reporters.

FBI Director Christopher Wray emphasized the seriousness of the situation. He stated that the Volt Typhoon malware enabled China to target critical sectors such as communications, energy, transportation, and water. Director Wray also highlighted the potential real-world threat to the physical safety of the US posed by the pre-positioning activities of these hackers. Also, he reiterated the determination of the FBI to take decisive action against this threat.

Closing Comments

State-sponsored threat actors pose significant risks to national security, critical infrastructure, businesses, and even individuals. We are witnessing an increasing number of state-sponsored attacks. Some recent victims from the business world include Microsoft and HPE.

These actors, supported by national governments, have objectives ranging from espionage and financial gain to disruption and sabotage. They’re known for their sophisticated techniques, significant resources, and long-term operations, often with political, military, or economic motives.

State-backed threat actors represent a significant challenge due to their sophisticated capabilities and substantial resources. Hence, governments and organizations must understand the risks they pose and implement a comprehensive set of countermeasures to protect their critical assets and information.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.

Update Required Flash plugin