cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

US launches operation against Volt Typhoon-centred Chinese hacking campaign

A major Chinese hacking campaign has attracted the attention of the US, which has launched a takedown operation to combat it.

user icon Daniel Croft
Wed, 31 Jan 2024
US launches operation against Volt Typhoon-centred Chinese hacking campaign
expand image

The campaign in question is centred on the infamous Chinese Volt Typhoon hacking group, a state-sponsored actor known for targeting critical infrastructure, as it did in the US using living-off-the-land techniques back in May last year.

As part of these attacks, the threat group deployed an advanced botnet made up of unsecured routers belonging to small businesses and homes, allowing it to stealthily compromise devices.

One of the targets of the botnet was a critical infrastructure operator located on the US territory of Guam, leading officials to believe that the group may launch an attack on the operator, disrupting military capabilities as tensions between China and the US grow over Taiwan.


Intelligence officials said the campaign looks to attack and compromise major Western critical infrastructure such as power, naval ports, internet, and other utilities. Volt Typhoon plays a large role in this campaign.

Mandiant Intelligence chief analyst John Hultquist iterated that this campaign is unlike others, with its goal being the dismantling of critical infrastructure rather than stealing credentials for financial or activism purposes.

According to a pair of security officials and a source close to the issue speaking with Reuters, the operation has resulted in thousands of internet-connected devices being compromised.

“This actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the US. They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,” said Hultquist.

The sources speaking with Reuters added that the FBI and the US Department of Justice (DOJ) sought legal authorisation to go after parts of the threat campaign and remotely disable them. This authorisation has been granted.

Reuters reached out to the DOJ and the FBI for comment on the matter but was declined comment by both agencies.

The Chinese embassy in Washington did also not immediately respond to requests for comment, but representatives of China have previously marked the Western warnings about Volt Typhoon from May last year as a disinformation effort by Five Eyes, the intelligence-sharing alliance made up of Australia, Canada, New Zealand, the UK and the US.

“Obviously, this is a collective disinformation campaign by the United States to mobilise the Five Eyes countries for geopolitical purposes,” said China foreign ministry spokesperson Mao Ning.

“It is a report that has … a serious lack of evidence and is extremely unprofessional.

“As we all know, the Five Eyes is the world’s largest intelligence organisation, and the NSA is the world’s largest hacker organisation, and it is ironic that they have joined forces to issue disinformation reports.”

The FBI has had experience taking down botnets in the past, having successfully dismantled the Qakbot botnet in August last year.

The FBI discovered that over 700,000 devices had been compromised, over 200,000 of which were US-based.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.