Recently, cybersecurity experts have identified a new hacking group, ‘Volt Typhoon,’ which is believed to be based in China. However, there is debate among experts about the level of threat that Volt Typhoon poses to American infrastructure. Experts emphasise that most countries – including major powers like the US and Russia – use hackers to gather intelligence, and most worry when such groups begin to focus on digital sabotage. While Microsoft suggests that Volt Typhoon may be “pursuing the development of capabilities that could disrupt critical communications infrastructure,” some believe that it is using its hacking skills primarily for espionage purposes.
Microsoft suggested that Volt Typhoon could pose a danger during future crises between the US and the Asian region, particularly with regard to cybersecurity and critical infrastructure. Cisco Systems also reported encountering Volt Typhoon in a case in which the hacking group was hunting for documentation on a critical infrastructure facility in the US. However, one expert, Marc Burnard of Secureworks, believes that the hackers appear to be focused primarily on stealing information from US military and government organisations, and that they may not be positioning themselves for disruption.
Although the level of threat posed by the group remains uncertain, experts emphasise the importance of vigilance on the part of any organisation or entity concerned with cybersecurity and infrastructure. It is widely accepted that nearly all cyber spies seek to cover their tracks. Microsoft and others claim that Volt Typhoon is a particularly quiet operator that hides its traffic by routing it through hacked network equipment and carefully expunging evidence of intrusions from victims’ logs. While evidence of Beijing’s cyberespionage campaigns has been building for over two decades, China typically denies carrying out any such activities. However, experts believe that there are some indications that groups such as Volt Typhoon have increased operational security due to embarrassment over US indictments, and to pressure from China’s leadership to avoid public scrutiny.