A report jointly released by China's National Computer Virus Processing Center and 360 has attracted attention, detailing the hacking group Volt Typhoon, revealing that it is a ransomware cybercrime gang with no state support.
This finding is surprising because Microsoft has described the Volt Typhoon as a hacker group with a Chinese background, however, this report is very different from the US version of the story, which is not only about a hacking group, but also about international cybersecurity and trust issues.
What is the Volt Typhoon hacking group? What is the US in a hurry to hide after the release of the investigation report in China?
All statements in this article are based on reliable sources of information and are reproduced in the article
贼喊捉贼
On February 1, 2024, the U.S. House of Representatives Select Committee on China held a hearing on "China's cyber threats to U.S. homeland and national security."
The meeting discussed the "Volt Typhoon" incident revealed by Microsoft Corporation in May 2023, a hacking group allegedly "backed by the Chinese government" that has carried out cyberattacks on critical U.S. infrastructure and attempted to cause further damage, posing a significant threat to U.S. national security.
What exactly is the organization of "Volt Typhoon"? How does it relate to the Chinese government? Why did US politicians mention and blame China again eight months after the attack was made public in May last year?
On May 24, 2023, the "Five Eyes Alliance", that is, the cybersecurity agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand, jointly issued an early warning, which means that Chinese hackers are using some kind of technology to evade detection.
The alert, which states that the hacker group known as Voltain Typhoon conducted cyber espionage on critical U.S. infrastructure, is a direct reference to a report released by Microsoft on the same day, which includes technical analysis and tracing the origins of the attackers.
Microsoft's report named the attacker "Volt Typhoon" according to the company's internal rules, and made it clear that the group was "a Chinese government-backed cyberattack actor," or simply put, the U.S. said it had found a cyber intruder, and that the intruder was China.
It is with the submission of this technical report that the Five Eyes Alliance began to quote Microsoft's report in order to exaggerate the threat theory of China, which can be said to be the usual method of European and American countries. I can't bear it!
China publishes an investigation report
In response to the fact that others have poured dirty water on us, the Chinese Ministry of Foreign Affairs has repeatedly responded and expressed its firm opposition.
On April 15, 2024, China's National Computer Virus Emergency Response Center, the National Engineering Laboratory for Computer Virus Prevention and Control Technology, and 360 Digital Security Group jointly released an investigation report.
To put it simply, this report is that the U.S. Congress and taxpayers conspired together to defraud, using unsubstantiated intelligence to smear China without a bottom line on the one hand, and in exchange for U.S. financial appropriations on the other.
The report traces the origins of the U.S. hype about the "Volt Typhoon" organization since 2023, revealing the true situation of the organization as a criminal gang for ransomware and the truth about the hype that the U.S. has used to hype China.
After the report was released, a number of well-known media outlets asked the U.S. Embassy in China and Microsoft's branch in China, but they did not receive a positive response.
On April 18, 2024, FBI Director Christopher Wray once again blamed the Chinese government-backed group "Voltamine" in a public speech at Vanderbilt University in Tennessee.
The story that the group "Volt Typhoon" had successfully invaded a number of U.S. companies, including 23 operators in the pipeline transportation industry, was widely reported and relayed by the U.S. media.
The United States is in a hurry to cover up the evidence
In the research report, China's cybersecurity agencies listed and analyzed in detail the reports issued by the US agencies, the measures taken by the US government administration, and the remarks of important US political figures, revealing the inherent contradictions in the so-called evidence and statements of the US side.
In particular, following the release of the previous investigation report, the U.S. government agency did not explain the behavior of the "threat alliance" to hide the relevant IP address, but instead took a series of cover-up measures.
On the one hand, the U.S. "Global Media Agency" (USAGM) instructed the international mainstream media controlled by U.S. capital to "block" the report. On the other hand, the "threat alliance company" was instructed to blatantly revise the content of the report in an attempt to destroy the evidence.
The report also provides comparative evidence between the original report of the "threat alliance company" and the latest report, which clearly shows that they do not want to admit it, and on the one hand, they are silent and do not respond, and on the other hand, they set out to destroy the evidence.
Review of the "Volt Typhoon" program
In its research report, China's cybersecurity agency reviewed in detail the "Volthorn" false narrative operation planned and executed by U.S. government agencies, making it clear that the program began at least early 2023 and was divided into three main phases that continue to this day.
Before we do that, let's understand one thing, we all know that the United States likes long-arm jurisdiction, and it also has a legal provision so that the American intelligence agencies can conduct cyber surveillance globally and within the United States.
The law, also known as Section 702, is due to expire in 2023, giving U.S. intelligence agencies no way to fully control China's internet companies.
In the preparation of the plan, U.S. officials have been calling on Congress to continue to extend the implementation of Section 702, saying that it is important, and also fabricated a cyberattack on a U.S. military base, instructing Microsoft to produce an analysis report in order to prepare for the extension of this article.
During the offensive stage, the U.S. agency used the virtual "Voltamine Typhoon" to intimidate members of Congress, and used various means to make the temporary extension of this clause smoothly, and also planned to suppress Chinese Internet companies.
In the consolidation stage, the U.S. agencies successfully relied on this disinformation operation to almost "force" Congress to approve the continuation of Section 702 and continue to suppress China's Internet companies.
In the past year, starting in May 2023, Chinese government departments, universities, research institutes, large enterprises, and critical infrastructure have been subjected to more than 45 million cyberattacks, traced back to hacking groups backed by U.S. government agencies.
More than 140 units were specifically attacked, and samples of attack weapons taken from these unit systems were associated with agencies such as the CIA, the National Security Agency, and the FBI, all of which were authorized under Section 702.
The United States has always been a thief, and cyber security cannot be ignored.