China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure
China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.
China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign.
According to the Wall Street Journal, at a December Geneva summit, Chinese officials indirectly admitted to Volt Typhoon cyberattacks on U.S. infrastructure, reportedly linked to U.S. support for Taiwan.
Chinese officials’ ambiguous remarks at a December meeting were interpreted by the members of the U.S. delegation as a tacit admission of involvement in cyberattacks linked to Volt Typhoon.
“During the half-day meeting in Geneva, Wang Lei, a top cyber official with China’s Ministry of Foreign Affairs, indicated that the infrastructure hacks resulted from the U.S.’s military backing of Taiwan, an island Beijing claims as its own, according to current and former U.S. officials familiar with the conversation,” states the WSJ. “Wang or the other Chinese officials didn’t directly state that China was responsible for the hacking, the U.S. officials said. But American officials present and others later briefed on the meeting perceived the comments as confirmation of Beijing’s role and was intended to scare the U.S. from involving itself if a conflict erupts in the Taiwan Strait.”
At the Geneva summit, U.S. officials learned of China’s aggressive Salt Typhoon cyber operations, which targeted telecom networks like AT&T and Verizon, spying on unencrypted calls and texts of political figures. While the focus shifted to Volt Typhoon attacks on infrastructure, the tacit admission highlighted China’s willingness to use cyber capabilities to warn the U.S. over Taiwan.
In May 2024, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected. The group managed to maintain access without being detected for as long as possible.
According to Microsoft, the campaign aimed at building capabilities that could disrupt critical communications infrastructure between the United States and the Asia region in the event of future crises.
The Volt Typhoon group has been active since at least mid-2021, carrying out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.
The APT group relies almost exclusively on living-off-the-land techniques and hands-on-keyboard activity to evade detection.
Pierluigi Paganini
(SecurityAffairs – hacking, China)