Cybersecurity experts said that such groups become more dangerous when they turn their attention from intelligence gathering to digital sabotage. Microsoft said in a blog post this week that Volt Typhoon was “pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises.”
News agency Reuters cited Marc Burnard of Secureworks, an arm of Dell Technologies, as saying that Volt Typhoon appears to be focused on stealing information from “organisations that hold data that relates to the military or government in the United States.” Burnard said that the group’s activities suggested that it was being used “primarily for espionage purposes.”
Microsoft also said that its assessment was made with “moderate confidence,” which means that its theory is plausible and credibly sourced but has yet to be fully corroborated. Meanwhile, US tech firm Cisco said it had seen disturbing evidence that Volt Typhoon was readying itself for something dangerous.
Cisco noted that it was called in to deal directly with one case at a critical infrastructure facility where hackers were hunting for documentation showing how the facility worked, and they did not appear to be after money, the report said.
Microsoft and other researchers pointed out that Volt Typhoon was a quiet operator that hid its traffic by routing it through hacked network equipment such as home routers and expunged evidence of intrusions from victims’ logs.
China denies hacking
China has denied any hand in the case of Volt Typhoon, but documentation of Beijing’s cyberespionage campaigns has been building for more than 20 years.
“The spying has come into sharp focus over the past 10 years as Western researchers tied breaches to specific units within the People’s Liberation Army, and US law enforcement charged a string of Chinese officers with stealing American secrets,” the Reuters report noted.
According to Secureworks, Volt Typhoon’s interest in operational security likely stemmed from embarrassment over the drumbeat of US indictments and “increased pressure from (Chinese) leadership to avoid public scrutiny of its cyberespionage activity.”