{"id":648163,"date":"2025-01-06T22:10:34","date_gmt":"2025-01-06T19:10:34","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/meet-the-chinese-typhoon-hackers-preparing-for-war-2\/"},"modified":"2025-01-06T22:10:34","modified_gmt":"2025-01-06T19:10:34","slug":"meet-the-chinese-typhoon-hackers-preparing-for-war-2","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/meet-the-chinese-typhoon-hackers-preparing-for-war-2\/","title":{"rendered":"#Meet the Chinese &#8216;Typhoon&#8217; hackers preparing for war"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which senior U.S. national security officials have described as an \u201cepoch-defining threat.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The U.S. says Chinese government-backed hackers have \u2014 in some cases for years \u2014 been burrowing deep into the networks of U.S. critical infrastructure, including water, energy, and transportation providers. The goal, officials say, is to lay the groundwork for potentially destructive cyberattacks in the event of a future conflict between China and the United States, such as over <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wsj.com\/articles\/cia-chief-says-china-has-doubts-about-its-ability-to-invade-taiwan-670b8f87\">a possible Chinese invasion of Taiwan<\/a>.<\/p>\n<p class=\"wp-block-paragraph\">\u201cChina\u2019s hackers are positioning on American infrastructure in preparation to wreak havoc and cause real-world harm to American citizens and communities, if or when China decides the time has come to strike,\u201d then-outgoing FBI Director Christopher Wray told lawmakers last year.<\/p>\n<p class=\"wp-block-paragraph\">The U.S.
government and its allies have since taken action against some of the \u201cTyphoon\u201d family of Chinese hacking groups, and published new details about the threats posed by these groups.<\/p>\n<p class=\"wp-block-paragraph\">In January 2024, the U.S. disrupted \u201cVolt Typhoon,\u201d a group of Chinese government hackers tasked with setting the stage for destructive cyberattacks. Later in September 2024, federal authorities took control of a botnet run by another Chinese hacking group called \u201cFlax Typhoon,\u201d which used a Beijing-based cybersecurity company to help conceal the activities of China\u2019s government hackers. Then in December 2025, the U.S. government sanctioned the cybersecurity company for its alleged role in \u201cmultiple computer intrusion incidents against U.S. victims.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Since the emergence of Volt Typhoon, another new China-backed hacking group called \u201cSalt Typhoon\u201d appeared in the networks of U.S. phone and internet giants, capable of gathering intelligence on Americans \u2014 and potential targets of U.S. surveillance \u2014 by compromising telecom systems used for law enforcement wiretaps.<\/p>\n<p class=\"wp-block-paragraph\">Here\u2019s what we have learned about the Chinese hacking groups gearing up for war.\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"volt-typhoon\"><span class=\"ez-toc-section\" id=\"Volt_Typhoon\"><\/span><strong>Volt Typhoon<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">Volt Typhoon represents a new breed of China-backed hacking groups; no longer just aimed at stealing sensitive U.S. secrets, but rather preparing to disrupt the U.S.
military\u2019s \u201cability to mobilize,\u201d according to the then-FBI director.<\/p>\n<p class=\"wp-block-paragraph\"><a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/05\/24\/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques\/\">Microsoft first identified Volt Typhoon<\/a> in May 2023, finding that the hackers had targeted and compromised network equipment, such as routers, firewalls, and VPNs, since at least mid-2021 as part of an ongoing and concerted effort to infiltrate deep into the systems of U.S. critical infrastructure. The U.S. intelligence community said that in reality, it\u2019s likely the hackers were operating for much longer, potentially for as long as five years.<\/p>\n<p class=\"wp-block-paragraph\">Volt Typhoon compromised thousands of these internet-connected devices in the months following Microsoft\u2019s report, exploiting vulnerabilities in devices that were considered \u201cend-of-life\u201d and therefore would no longer receive security updates. The hacking group subsequently gained further access to the IT environments of multiple critical infrastructure sectors, including aviation, water, energy, and transportation, pre-positioning for activating future disruptive cyberattacks aimed at slowing the U.S. government\u2019s response to an invasion of its key ally, Taiwan.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThis actor is not doing the quiet intelligence collection and theft of secrets that has been the norm in the U.S. 
They are probing sensitive critical infrastructure so they can disrupt major services if, and when, the order comes down,\u201d said John Hultquist, chief analyst at security firm Mandiant.<\/p>\n<p class=\"wp-block-paragraph\">The <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.justice.gov\/opa\/pr\/us-government-disrupts-botnet-peoples-republic-china-used-conceal-hacking-critical\">U.S. government said in January 2024<\/a> that it had successfully disrupted a botnet, used by Volt Typhoon, consisting of thousands of hijacked U.S.-based small office and home network routers, which the Chinese hacking group used to hide its malicious activity aimed at targeting U.S. critical infrastructure. The FBI said it was able to remove the malware from hijacked routers by way of a court-sanctioned operation, severing the Chinese hacking group\u2019s connection to the botnet.<\/p>\n<p class=\"wp-block-paragraph\">By January 2025, <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.bloomberg.com\/news\/features\/2025-01-03\/chinese-cyber-hackers-terrify-us-intelligence-after-infiltrating-guam\">the U.S. had discovered more than 100 intrusions<\/a> across the country and its territories linked to Volt Typhoon, according to reporting by Bloomberg. A large number of these attacks have targeted Guam, a U.S. island territory in the Pacific and a strategic location for American military operations, the report said. Volt Typhoon allegedly targeted critical infrastructure on the island, including its main power authority, the island\u2019s largest cell provider, and several U.S. federal networks, including sensitive defense systems, based on Guam. 
Bloomberg reported that Volt Typhoon used an entirely new kind of malware to target networks in Guam that it hadn\u2019t ever deployed before, which researchers took as a sign of the high importance that the region has to the China-backed hackers.<\/p>\n<h2 class=\"wp-block-heading\" id=\"flax-typhoon\"><span class=\"ez-toc-section\" id=\"Flax_Typhoon\"><\/span><strong>Flax Typhoon<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">Flax Typhoon, first outed by Microsoft several months later in <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2023\/08\/24\/flax-typhoon-using-legitimate-software-to-quietly-access-taiwanese-organizations\/\">an August 2023 report<\/a>, is another China-backed hacking group, which officials say has operated under the guise of a publicly traded cybersecurity company based in Beijing to carry out hacks against critical infrastructure in recent years. Microsoft said Flax Typhoon \u2014 also active since mid-2021\u00a0\u2014 predominantly targeted dozens of \u201cgovernment agencies and education, critical manufacturing, and information technology organizations in Taiwan.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Then in September 2023, the U.S.
government said it had taken control of another botnet, which was made up of hundreds of thousands of hijacked internet-connected devices, and <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.justice.gov\/opa\/pr\/court-authorized-operation-disrupts-worldwide-botnet-used-peoples-republic-china-state\">used by Flax Typhoon<\/a> to \u201cconduct malicious cyber activity disguised as routine internet traffic from the infected consumer devices.\u201d Prosecutors said the botnet allowed other China government-backed hackers to \u201chack into networks in the U.S. and around the world to steal information and hold our infrastructure at risk.\u201d\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The Department of Justice later corroborated Microsoft\u2019s findings, adding that Flax Typhoon also \u201cattacked multiple U.S. and foreign corporations.\u201d<\/p>\n<p class=\"wp-block-paragraph\">U.S. officials said that the botnet used by Flax Typhoon was operated and controlled by the Beijing-based cybersecurity company, Integrity Technology Group. In January 2024, the U.S. government imposed sanctions on Integrity Tech over its alleged links to Flax Typhoon.\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"salt-typhoon\"><span class=\"ez-toc-section\" id=\"Salt_Typhoon\"><\/span><strong>Salt Typhoon<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p class=\"wp-block-paragraph\">The latest \u2014 and potentially most ominous \u2014 group in China\u2019s government-backed cyber army uncovered in recent months is Salt Typhoon.<\/p>\n<p class=\"wp-block-paragraph\">Salt Typhoon hit headlines in October 2024 for a different kind of information-gathering operation. As <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b\">first reported by The Wall Street Journal<\/a>, the China-linked hacking group compromised several U.S. 
telecom and internet providers, including AT&amp;T, Lumen (formerly CenturyLink), and Verizon. The Journal <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wsj.com\/tech\/cybersecurity\/typhoon-china-hackers-military-weapons-97d4ef95\">reported later in January 2025<\/a> that Salt Typhoon also breached the U.S.-based internet providers Charter Communications and Windstream. U.S. cyber official Anne Neuberger said the federal government had identified an unnamed ninth hacked telco.<\/p>\n<p class=\"wp-block-paragraph\">According to <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.washingtonpost.com\/national-security\/2024\/10\/06\/salt-typhoon-china-espionage-telecom\/\">one report<\/a>, Salt Typhoon may have gained access to these telcos using compromised Cisco routers. Once inside the telco\u2019s networks, the attackers were able to access customer call and text message metadata, including date and time stamps of customer communications, source and destination IP addresses, and phone numbers from over a million users; most of which were individuals located in the Washington D.C. area. In some cases the hackers were <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wsj.com\/livecoverage\/harris-trump-election-11-01-24\/card\/chinese-hackers-stole-phone-audio-from-both-harris-and-trump-campaigns-Sfa6s0vIBEmEWOjeaZ8e\">capable of capturing phone audio from senior Americans<\/a>. Neuberger said that a \u201clarge number\u201d of those who had data accessed were \u201cgovernment targets of interest.\u201d<\/p>\n<p class=\"wp-block-paragraph\">By hacking into systems that law enforcement agencies use for court-authorized collection of customer data, Salt Typhoon also potentially gained access to data and systems that house much of the U.S. government\u2019s data requests, including the potential identities of Chinese targets of U.S. 
surveillance.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">It\u2019s not yet known when the breach of the wiretap systems occurred, but it may date back to early 2024, according to the Journal\u2019s reporting.<\/p>\n<p class=\"wp-block-paragraph\">AT&amp;T and Verizon told TechCrunch in December 2024 that their networks were secure after being targeted by the Salt Typhoon espionage group. Lumen confirmed soon after that its network was free from the hackers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\"><em>First published October 13, 2024 and updated.<\/em><\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/01\/06\/meet-the-chinese-typhoon-hackers-preparing-for-war\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Of the cybersecurity risks facing the United States today, few loom larger than the potential sabotage capabilities posed by China-backed hackers, which senior U.S. national security officials have described as an \u201cepoch-defining threat.\u201d The U.S.
says Chinese government-backed hackers have \u2014 in some cases for years \u2014 been burrowing deep into the networks of U.S&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":648164,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/01\/china-flag-getty.jpg?resize=1200,675","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75269,4973,70375,79365,70513,72287,152325],"class_list":["post-648163","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-us-government","tag-china","tag-cybersecurity","tag-evergreen","tag-hacking","tag-security","tag-state-sponsored-hacking"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/648163","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=648163"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/648163\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/648164"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=648163"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=648163"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=648163"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}