Volt Typhoon

Volt Typhoon is a codename for a hacking group described as being sponsored by the Chinese government.[1]

The name “Volt Typhoon” is used by Microsoft to describe the group based on the company's internal “threat actor naming taxonomy.”[2] Secureworks describes the same group by the codename “Bronze Silhouette”.[3]

History

Volt Typhoon has reportedly been in operation since mid-2021.[4] In June 2021, Secureworks identified an intrusion into one of its clients' networks, which the company attributed to the group.[3] Separate intrusions were reported by Secureworks in September 2021 and June 2022.

On May 24, 2023, Microsoft issued a warning that Volt Typhoon had “compromised 'critical' U.S. cyber infrastructure across numerous industries with a focus on gathering intelligence.”[1] The National Security Agency (NSA) followed up with a report of their own titled “People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection”, co-published with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ) and the United Kingdom National Cyber Security Centre (NCSC-UK).[5]

Secureworks concurrently published its own statement describing its analysis of the group's activities.[3]

Further reading


  1. Goswami, R. (2023, May 24). Microsoft warns that China hackers attacked U.S. infrastructure. CNBC. http://archive.today/2023.05.24-213247/https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html

  2. diannegali, chrisda, Dansimp, & Stacyrch140. (2023, April 20). How Microsoft names threat actors. Microsoft. http://archive.today/2023.05.17-020026/https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide

  3. Secureworks Counter Threat Unit. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Secureworks. http://archive.today/2023.05.25-155704/https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations

  4. Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Microsoft Security Blog. http://archive.today/2023.05.25-103813/https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

  5. People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. (2023, May 24). National Security Agency. https://web.archive.org/web/20230525163919/https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF

About the author
Liam Sturgess

Liam Sturgess is a Canadian writer, researcher and investigative reporter focused on issues of human rights and civil liberties, with a particular interest in the COVID-19 pandemic. He is the founder of White Rose Intelligence.
