China has dismissed allegations made by the US government and Microsoft that the state-backed hacking group Volt Typhoon infiltrated critical US infrastructure, referring to the claims as a “political farce.” According to Bloomberg, China’s National Computer Virus Emergency Response Center labeled the accusations a deliberate act orchestrated by US officials. The agency cited over 50 cybersecurity experts who agreed that there is no substantial evidence linking the group to the Chinese government.
The Chinese agency also shifted the blame back onto the US, claiming that it is the US that engages in cyber warfare to infiltrate networks and gather intelligence. It specifically accused the US of using a tool named “Marble” that can embed code strings in Chinese and Russian languages, allegedly to frame China and Russia for its cyber activities.
Microsoft and the National Security Agency (NSA) first reported the Volt Typhoon group’s activities in May 2023, highlighting that the group had installed surveillance malware in “critical” systems, particularly in Guam and other parts of the US. These systems have reportedly been compromised for at least five years. In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the NSA, and the FBI issued a warning to critical infrastructure organizations about the threat posed by state-sponsored Chinese cyber actors, stating that these groups were “pre-positioning” themselves within networks to conduct future disruptive or destructive cyberattacks.
US agencies also pointed out that Volt Typhoon had gained access to various critical organizations, including the US Department of Energy, the Environmental Protection Agency, as well as government bodies in Australia, the UK, Canada, and New Zealand. Unlike typical cyberattackers, Volt Typhoon has not yet deployed the malware to execute attacks but appears to be positioning itself to disrupt critical infrastructure in the future, should geopolitical tensions or military conflicts arise between China and the US.