Date: 2024-03-30

In many ways, Volt Typhoon functions similarly to traditional botnet operators that have plagued the internet for decades. It takes control of vulnerable internet devices such as routers and security cameras to hide and establish a beachhead in advance of using that system to launch future attacks.

Operating this way makes it difficult for cybersecurity defenders to accurately identify the source of an attack. Worse, defenders could accidentally retaliate against a third party who is unaware that they are caught up in Volt Typhoon's botnet.

Disrupting critical infrastructure has the potential to cause economic harm around the world. Volt Typhoon's operation also poses a threat to the US military by potentially disrupting power and water to military facilities and critical supply chains. FBI Director Christopher Wray testified at a congressional hearing on January 31, 2024, about Chinese hackers targeting US critical infrastructure.

Microsoft's 2023 report noted that Volt Typhoon could “disrupt critical communications infrastructure between the United States and Asia region during future crises.” The March 2024 report, published in the US by the Cybersecurity and Infrastructure Security Agency, likewise warned that the botnet could lead to “disruption or destruction of critical services in the event of increased geopolitical tensions and/or military conflict with the United States and its allies.”

Volt Typhoon's existence and the escalating tensions between China and the US, particularly over Taiwan, underscore the latest connection between global events and cybersecurity.

The FBI reported on January 31, 2024, that it had disrupted Volt Typhoon's operations by removing the group's malware from hundreds of small office/home office routers. However, the US is still determining the extent of the group's infiltration of America's critical infrastructure.

On March 25, 2024, the US and UK announced that they had imposed sanctions on Chinese hackers involved in compromising their infrastructures. And other countries, including New Zealand, have revealed cyberattacks traced back to China in recent years.

All organizations, especially infrastructure providers, must practice time-tested safe computing centered on preparation, detection and response.

They must ensure that their information systems and smart devices are properly configured and patched, and that they can log activity. And they should identify and replace any devices at the edges of their networks, such as routers and firewalls, that are no longer supported by their vendor.