China Denounces U.S. Claims of Volt Typhoon Cyber Espionage, Alleges Fabrication
October 15, 2024
China's National Computer Virus Emergency Response Center (CVERC) has accused the U.S. and its allies of inventing the Volt Typhoon cyber threat to hide their own cyber espionage activities. According to CVERC, the U.S. government, intelligence agencies, and Five Eyes countries have been conducting cyber espionage against China, France, Germany, Japan, and global internet users. The agency claims to have 'ironclad evidence' of U.S. false flag operations, suggesting that the U.S. is creating a false narrative of Chinese cyber threats while establishing a global internet surveillance network.
CVERC has further alleged that the U.S. has been conducting supply chain attacks and implanting backdoors in internet products, which it says completely debunks the Volt Typhoon narrative. The agency also accuses the U.S. military base in Guam of initiating numerous cyberattacks against China and Southeast Asian countries, rather than being a victim of Volt Typhoon cyberattacks.
Volt Typhoon, a term assigned to a cyber espionage group believed to be linked with China and active since 2019, has been accused of infiltrating critical infrastructure networks by rerouting traffic through compromised routers, firewalls, and VPN hardware. Most recently, it was associated with the exploitation of a high-severity security flaw in Versa Director (CVE-2024-39717) to deliver a web shell named VersaMem for facilitating credential theft and running arbitrary code.
French cybersecurity company Sekoia has reported a pattern of China-linked cyber intrusion sets using edge devices as Operational Relay Boxes (ORBs) to evade detection. The company has linked threat actors likely of Chinese origin to an attack campaign that infects edge devices like routers and cameras to deploy backdoors such as GobRAT and Bulbature for further attacks.
In a recent 59-page document, Chinese authorities claim that over 50 security experts from the U.S., Europe, and Asia have expressed concerns about the U.S.'s false narrative concerning Volt Typhoon and the lack of evidence linking the threat actor to China. The document also accuses U.S. intelligence agencies of creating a toolkit called Marble as early as 2015 to confuse attribution efforts.
The report further accuses the U.S. of using its technological and geographical advantages to control fiber optic cables across the Atlantic and the Pacific for worldwide internet surveillance. It also alleges that companies like Microsoft and CrowdStrike have given threat activity groups names with geopolitical overtones, such as 'typhoon,' 'panda,' and 'dragon.' The document concludes by calling for international collaboration and a focus on counter-cyber threat technology research.