Meet the Chinese ‘Typhoon’ hackers preparing for war

Chinese hacking groups Volt Typhoon, Flax Typhoon, and Salt Typhoon threaten U.S. infrastructure.

Chinese government-backed hackers, including groups like Volt Typhoon, Flax Typhoon, and Salt Typhoon, have been infiltrating U.S. critical infrastructure sectors such as water, energy, and telecom. Their actions aim to prepare for potentially harmful cyberattacks in case of conflict, particularly regarding issues like Taiwan. The U.S., together with allies, has attempted to disrupt these activities by taking control of botnets operated by the hackers.

Chinese government-backed hackers, notably Volt Typhoon, Flax Typhoon, and Salt Typhoon, are intensifying their operations within U.S. critical infrastructure. These groups aim to prepare the ground for potentially damaging cyberattacks, especially in the event of rising tensions, such as a Chinese invasion of Taiwan. U.S. officials and security experts have described these hackers as a significant threat, emphasizing their ability to impede U.S. military mobilization.

Volt Typhoon was first identified by Microsoft in May 2023, having exploited vulnerabilities in network equipment since mid-2021 to infiltrate various critical sectors. The FBI successfully disrupted a botnet used by Volt Typhoon in January; however, the infiltration had compromised thousands of internet-connected devices, highlighting the seriousness of these actions.

Flax Typhoon, revealed in 2023, operated under the guise of Beijing's Integrity Technology Group, creating a vast botnet that masked malicious activities as regular network traffic. In contrast, Salt Typhoon's operations, uncovered recently, involved compromising the wiretap systems of major U.S. telecom companies, potentially endangering sensitive data, including the identities of Chinese surveillance targets.