Washington’s narrative – corroborated by Microsoft’s findings – of the China-linked Volt Typhoon group is just a cover for U.S. intelligence hacking into Chinese infrastructure, a 60-page report from Beijing’s top cyber defense agency charged.
The report, released on Monday by the National Computer Virus Emergency Response Center (CVERC), accused the U.S. government of meticulously crafting a disinformation campaign aimed at both misdirecting attention and maintaining dominance in the global cyber arena.
The allegations point to deep-rooted strategies used by the U.S. to perpetuate its cyber espionage activities while blaming adversaries like China and Russia. But behind the noise lies a much more intricate revelation of cyber warfare tactics, including the use of False Flag operations and stealth tools designed to mask the true origins of these attacks, the report alleges.
The ‘Marble’ Toolkit and False Flag Tactics
At the center of the accusations is a U.S. intelligence toolkit that China calls “Marble.” This tool allegedly helps cloak the true source of cyberattacks by obfuscating the coding signatures typically used to trace attackers. What makes Marble particularly dangerous, according to China’s report, is its ability to insert foreign language strings into the malware code—languages like Mandarin and Russian—to mislead investigators and pin the blame on foreign actors.
False Flag operations, a tactic where one country carries out attacks disguised as another, have become central to modern cyber warfare, China said. In the digital realm, this tactic aims to confuse attribution, the process by which investigators link a cyberattack to its origin. With attribution often serving as the basis for geopolitical decisions, misdirection on this scale could have serious consequences.
Influence Operations and Cyber Dominance
The allegations don’t stop at cyberattacks alone. According to CVERC’s investigation, the U.S. has woven these tactics into a broader strategy of influence operations. These operations aim to shape perceptions, spread disinformation, and destabilize target nations. They go beyond the battlefield of bits and bytes, extending into media and public discourse.
The report claims the U.S. employs a framework of 4D principles—deny, disrupt, degrade, deceive—to maintain control over the narrative in cyberspace. These principles, seen in disinformation campaigns like Volt Typhoon, are designed to manipulate how cyberattacks are perceived, allowing the U.S. to downplay its own activities while amplifying those of its adversaries.
China also came down heavily on naming conventions like “Panda” and “Dragon” used in the attribution of China-linked threat actors, claiming they are geopolitically motivated and equivalent to racial targeting.
“Some U.S. companies, such as Microsoft and CrowdStrike, for their commercial interest and without sufficient evidence and rigorous technical analysis, have been keen on coining various absurd codenames with obvious geopolitical overtones for hacker groups, such as ‘typhoon,’ ‘panda,’ and ‘dragon,’ instead of ‘Anglo-Saxon,’ ‘hurricane,’ and ‘koala,’” the CVERC report said.
Global Surveillance: The ‘UpStream’ and ‘Prism’ Projects
The core of the accusations against the U.S. is its alleged use of mass surveillance projects, known as “UpStream” and “Prism,” which work together to siphon vast amounts of data from global internet traffic. UpStream, according to the report, is designed to capture raw communication data passing through key internet infrastructure like submarine fiber optic cables, while Prism allows U.S. intelligence agencies to access user data from major tech companies like Microsoft, Google, and Facebook.
By combining these two systems, the U.S. allegedly maintains the ability to monitor vast quantities of data in real-time. This capability provides actionable intelligence for military, diplomatic, and economic purposes, making the U.S. a formidable player in the world of cyber espionage.
But it’s not just foreign adversaries that are affected. The report suggests that U.S. citizens, despite legal protections like FISA Section 702, also fall under the watchful eye of these surveillance programs. The Foreign Intelligence Surveillance Court itself has acknowledged several violations, pointing to instances where U.S. intelligence agencies allegedly overstepped their bounds, the report suggests.
Backdoor Implants and Supply Chain Attacks
Another concerning element is the claim that U.S. intelligence agencies conduct supply chain attacks, where they insert backdoors into hardware and software products sold to foreign targets. Once compromised, these products can act as entry points for further espionage.
The National Security Agency’s (NSA) Office of Tailored Access Operations (TAO) allegedly plays a key role in these activities. By intercepting shipments of network equipment, disassembling them, and implanting malicious backdoors, the NSA ensures long-term access to compromised systems. These supply chain attacks represent one of the most covert and effective ways to infiltrate secure networks, posing significant risks to critical infrastructure across the globe, China said.
Global Fallout: Targeting Allies and Adversaries Alike
China added that U.S. espionage activities haven’t been limited to adversaries. It said allies such as Germany, France, and Japan have also found themselves under the surveillance lens, with high-level communications reportedly intercepted as part of broader intelligence-gathering efforts.
For instance, German Chancellor Angela Merkel’s communications were allegedly monitored by U.S. intelligence, causing a diplomatic rift between the two nations when the operation was exposed, CVERC reported. Similar accusations have surfaced regarding France, with the NSA reportedly eavesdropping on phone calls from French government officials and business leaders.
U.S. Companies’ Role in Espionage
Microsoft, one of the largest cloud and enterprise software providers globally, has found itself entangled in these accusations. According to the report, Microsoft’s tools and platforms may be integral to U.S. intelligence operations, providing both the infrastructure and capabilities for data collection.
The report also alleges that Microsoft has been developing tools specifically for U.S. intelligence, further deepening its collaboration with the federal government. This relationship, the report suggests, raises serious questions about privacy and the ethical implications of corporate cooperation in state-led surveillance activities.
Interestingly, both Microsoft and the U.S. government have time and again leveled the same accusations against Volt Typhoon, which China has disputed.