China Denounces U.S. Claims of Volt Typhoon Cyber Espionage, Alleges Fabrication

October 15, 2024

China's National Computer Virus Emergency Response Center (CVERC) has accused the U.S. and its allies of inventing the Volt Typhoon cyber threat to hide their own cyber espionage activities. According to CVERC, the U.S. government, intelligence agencies, and Five Eyes countries have been conducting cyber espionage against China, France, Germany, Japan, and global internet users. The agency claims to have 'ironclad evidence' of U.S. false flag operations, suggesting that the U.S. is creating a false narrative of Chinese cyber threats while establishing a global internet surveillance network.

CVERC has further alleged that the U.S. has been conducting supply chain attacks and implanting backdoors in internet products, which the agency says completely debunks the Volt Typhoon narrative. The agency also accuses the U.S. military base in Guam of initiating numerous cyberattacks against China and Southeast Asian countries, rather than being a victim of Volt Typhoon cyberattacks.

Volt Typhoon, a term assigned to a cyber espionage group believed to be linked with China and active since 2019, has been accused of infiltrating critical infrastructure networks by rerouting traffic through compromised routers, firewalls, and VPN hardware. Most recently, it was associated with the exploitation of a high-severity security flaw in Versa Director (CVE-2024-39717) to deliver a web shell named VersaMem for facilitating credential theft and running arbitrary code.

French cybersecurity company Sekoia has reported a pattern of China-linked cyber intrusion sets using edge devices as Operational Relay Boxes (ORBs) to evade detection. The company has attributed to threat actors likely of Chinese origin an attack campaign that infects edge devices like routers and cameras to deploy backdoors such as GobRAT and Bulbature for further attacks.

In a recent 59-page document, Chinese authorities claim that over 50 security experts from the U.S., Europe, and Asia have expressed concerns about the U.S.'s false narrative concerning Volt Typhoon and the lack of evidence linking the threat actor to China. The document also accuses U.S. intelligence agencies of creating a toolkit called Marble as early as 2015 to confuse attribution efforts.

The report further accuses the U.S. of using its technological and geographical advantages to control fiber optic cables across the Atlantic and the Pacific for worldwide internet surveillance. It also alleges that companies like Microsoft and CrowdStrike have given threat activity groups names with geopolitical overtones, such as 'typhoon,' 'panda,' and 'dragon.' The document concludes by calling for international collaboration and a focus on counter-cyber threat technology research.
