Volt Typhoon : Reckoning with the Lethal Sleeper Agent of the 21st Century

[image: Volt Typhoon, a bright yellow flying robot with wings and lightning emanating from it]

Two things:
1) Volt Typhoon, and
2) Axis & Allies tech stacks
... redefining the domestic threat level of global cyberwarfare operations, and the lens through which we observe it.

Volt Typhoon

This was the sentence that woke me out of my stupor. I had to read it three times slowly to make sure that it wasn’t some kind of typo, or some sort of wild hypothetical premise:

[The U.S. State Department] “also acknowledges the degree to which China has penetrated American utility and water supply networks, installing malware that U.S. intelligence agencies have assessed are designed to trigger chaos and slow an American military response if Beijing decided to invade…”

Nope, I didn’t read it wrong. The thing is, I’ve known about these botnets for decades. And we’ve hypothesized about them. Hell, there have been plenty of movies about them, even.

But this sentence, innocently inserted deep in the body of a longer article about evolving US cybersecurity policy, is not describing a theory, nor a thwarted attempt by some Rogue Nation State / Bad Actor. No. This article, and the State Department report that it liberally quotes, is describing “Volt Typhoon” as an actual active infection that is at present well entrenched in the deep bowels of critical US infrastructure.

It continues:

The [State Dept report] describes that operation, which Microsoft’s investigators have named “Volt Typhoon,” in unusually stark terms. It characterizes China as fully capable — today — of “launching cyberattacks that could disrupt oil and gas pipelines, rail systems and other critical infrastructure services within the United States as well as its allies and partners.”

“Attempts to compromise critical infrastructure by [Chinese National] actors are designed in part to pre-position themselves to be able to disrupt or destroy critical infrastructure in the event of a conflict,” the State Department report continued, “to either prevent the United States from being able to project power into Asia, or to impede our decision-making ability during a crisis by instigating societal chaos inside the United States.”

Apparently the FBI launched a massive cyber-strike that destroyed (as in, melted circuits of) various components of the network this January (2024) — sounding to me like the equivalent of performing heavy chemotherapy on a Stage IV cancer patient — but by their own admission, that only took down a small portion of the total malicious botnet, as reported via Defense One:

“According to FBI Director Christopher Wray, cyber operatives disabled KV-botnet, a digital entity of chain-linked equipment, including cameras and routers, that was compromised and used to form a data transfer network for the group — known as Volt Typhoon — to quietly tunnel into critical infrastructure in preparation for what officials publicly say is U.S. military conflict with Beijing.

…while enemy operations were significantly slowed down by this strike, the KV-botnet was just one of many staging grounds. Volt Typhoon, believed to be working on behalf of Chinese state authorities, is using multiple covert networks now, making it seemingly impossible to completely stop the entity in its tracks…”

To be clear, Volt Typhoon is a hacker collective — a group of ostensibly state-sponsored human actors, who use various innovative and stealthy techniques to place sleeper botnets deep within infrastructure elements (think power grids, water purification centers, air traffic control systems, etc.). To paraphrase the Guardian’s excellent explainer on the topic:

Volt Typhoon – which also goes by the monikers Vanguard Panda, Bronze Silhouette, Dev-0391, UNC3236, Voltzite, and Insidious Taurus – is a state-sponsored Chinese cyber operation (“hacker collective”) that has successfully compromised thousands — perhaps millions — of internet-connected devices, from net-connected cameras to phones to WiFi lightbulbs. The group’s operations appear to be part of a much larger effort to infiltrate western critical infrastructure, including naval ports, internet service providers, communications services and power, water, waste processing & telecom utilities. The vast majority of the malware that the collective has embedded has yet to be activated… it sits silently as a sleeping, latent, and active threat to key infrastructure targets throughout the western hemisphere, just waiting to be sent a simple trigger signal.

That’s seriously troublesome. It’s a real problem, and a Big Problem.

But that’s not all… according to SecState Blinken, we are entering an entirely new era of active cyberwarfare, one that, on its vast attack surface, would appear to put the 20th century’s “nuclear cold war” to shame:

Tech Stacks: Axis & Allies

via the New York Times (D. Sanger, May 6, 2024)

“We are entering a new geopolitical reality in which countries will be forced to choose between signing up for a Western-dominated “stack” of technologies — from silicon, hardware, kernels, OSes & apps all the way out to phones, IoT & edge devices — or a Chinese-dominated one. This idea extends all the way out to include internet backbones & physical infrastructure — control over the physical undersea fiber cables connecting nation-states, the dense internet satellite networks, and the millions of network routers & switches that power the totality of all global telecommunications. It’s critical that we and our allies work with trusted vendors and exclude untrustworthy ones from the ecosystem.”

— Antony Blinken
U.S. Secretary of State

“Just about everyone is willing to acknowledge that technology is an important element of foreign policy, but I would argue that tech is not just part of the game — it’s increasingly the entire game.”

— Nathaniel Fick
U.S. Ambassador to CyberSpace

Details of that:

First, the global network of undersea fiber optic trunk lines:

Those cables are the physical manifestation of the terrestrial internet. Every day, they are damaged by earthquakes, tsunamis, accidental drilling, heavy anchors, and just plain decay. A small global network of private companies is contracted to repair and maintain these physical lines. But this new military posturing asks: who exactly owns these cables? Who controls the endpoints, where cable meets router? Who designed the chip on the router, with its trillions of transistors and embedded operating system? And who knows whether those routers have undetectable backdoors etched deep into their actual silicon?

There is a similar situation going on in low earth orbit:

Witness a simple data visualization of the tight mesh of internet satellites that swarms around our planet, receiving and transmitting the world’s high-speed data packets 24/7/365:

[image credit: New York Times]

…and we can ask the same questions: Who owns these networks? If and when war comes, who controls them? While GPS was essentially a gift from the US Military to the world, the constellation of internet backbone satellite networks is firmly in the hands of private corporations. The leading provider as of 2024, SpaceX’s Starlink, operates more than 5,000 satellites in low earth orbit, and plans to launch more than 36,000 more in the next 5 years. This vividly demonstrates how, increasingly, multinational corporations (“megacorps”) wield geopolitical power that rivals or even exceeds that of the classical 20th century superpowers. Read: Musk deactivates internet above Ukraine.

Threat Level: AI as WMD

“Top level American and Chinese diplomats plan to meet later this month in Geneva to begin what amounts to the first, tentative arms control talks over the use of artificial intelligence. The meeting has been more than a year in the making.” (NY Times)

“First topic on the summit agenda is an attempt, forwarded by the US delegation, to ban the deployment of AI entities in the command and control of nuclear arsenals.” Woah.

[see related: Killer Robots]


Volt Typhoon in the News:

Key CyberThreat Players:

  • Antony Blinken
    • US Secretary of State
    • (highest diplomat)
    • 4th in line for US Presidential Succession
  • Morgan Adamski
    • head of the NSA Cybersecurity Collaboration Center
    • Director of the CYBERCOM Combatant Command
  • Nathaniel C. Fick
    • U.S. Ambassador to Cyberspace


prompt: /imagine: “Volt Typhoon”

engine: MidJourney v6

post: curves adjust, saturation pump, re-compress
