US invented Volt Typhoon to hide its own cyber espionage, China says


China claims that US intelligence agencies crafted the Volt Typhoon narrative “to win public support and pressure policymakers to allow the extension of invasive US surveillance powers.” Beijing also blames the US for widespread cyber espionage, disinformation operations around the world, and even “choking the internet.”

A Chinese national cyber defense agency has released a third document in a series accusing the US of false flag operations and claiming that the Volt Typhoon is a work of fiction crafted by the US.

Volt Typhoon, also known as Insidious Taurus, Bronze Silhouette, Vanguard Panda, or Dev-0391, is considered a top-tier cyber espionage menace from China, targeting critical infrastructure in the United States and elsewhere.

ADVERTISEMENT

This year, the FBI dismantled a Volt-controlled WiFI router network, describing the group as “The defining threat of our generation.” The group was observed targeting telecoms by exploiting zero-day in software used by many internet service providers.

China's National Computer Virus Emergency Response Center (CVERC) reiterated claims that Volt Typhoon is “a typical, well-designed disinformation operation” – a false flag.

In previous reports, CVERC claimed that Volt Typhoon is a ransomware gang and “misinformation campaign,” which “was secretly and well planned by NSA, FBI,” and other agencies belonging to the US intelligence community and supported by other Five Eye countries.

The new document more broadly portrays the US government as inflicting self-harm, engaging in covert cyberattacks against itself and other nations, and fabricating threats that justify its actions, while deflecting blame onto other countries, with an ultimate goal of wasting taxpayer money.

“There’s ironclad evidence that they blame other countries through the misleading traceability attribution analysis of the stealth toolkit to carry out False Flag operations and cover up their own malicious cyberattacks,” the document reads.

It is full of accusations that the US has adopted supply chain attacks and implanted backdoors in internet products, among other things.

CVERC claims that the US is using cyber weapons, supplemented with “a special toolkit codenamed ‘Marble’ to cover up their own malicious attacks.” Allegedly, the Marble obfuscates the origins of cyberattacks to frame countries, such as China, Russia, Iran, or North Korea.

China, which itself is often compared to the surveillance state, accuses the US of launching attacks to maintain “massive indiscriminate surveillance programs to maintain their unwarranted powers under Section 702 of the Foreign Intelligence Surveillance Act (FISA).”

ADVERTISEMENT

The document also cites “NSA’s internal top-secret data” that the US uses its technological and geological advantages to control the world’s most important fiber optical cables or internet ‘choke points’ for indiscriminate monitoring and data theft.

CVERC blames the NSA for compromising over 50,000 internet assets globally, including in China, conducting supply chain attacks to implant backdoors, or installing covert intelligence stations “to keep a close watch on Germany and other European countries.”

The document even goes so far as to claim that the Volt Typhoon originated in Guam, where US critical networks were hacked by the group.

China also criticizes the ‘absurd’ way Microsoft, CrowdStrike, or other US companies name hacker groups “with obvious geopolitical overtones.” The provided examples were “‘typhoon,’ ‘panda,’ and ‘dragon,’ instead of ‘Anglo-Saxon,’ ‘hurricane,’ and ‘koala.’”

Microsoft also “failed to provide concrete evidence of Volt Typhoon as a so-called ‘Chinese government-sponsored cyber actor,’” the document states.