{
	"id": "8ae50ab8-dede-4091-ab75-c84328b885e5",
	"created_at": "2026-04-06T00:19:23.531398Z",
	"updated_at": "2026-04-10T03:34:44.550439Z",
	"deleted_at": null,
	"sha1_hash": "681c688207d7d99098d8d76603013c5ef82f47d2",
	"title": "China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 98816,
	"plain_text": "China Admitted to Volt Typhoon Cyberattacks on US Critical\r\nInfrastructure: Report\r\nBy Eduard Kovacs\r\nPublished: 2025-04-11 · Archived: 2026-04-05 20:02:36 UTC\r\nIn a secret meeting that took place late last year between Chinese and American officials, the former\r\nconfirmed that China had conducted cyberattacks against US infrastructure as part of the campaign\r\nknown as Volt Typhoon, according to The Wall Street Journal.\r\nThe meeting took place at a Geneva summit in December and involved members of the outgoing Biden\r\nadministration. The US officials who were present were startled by China’s admission, people familiar with the\r\nmatter told WSJ [paywalled article].\r\nThe remarks made at the meeting by Chinese officials were “indirect and somewhat ambiguous”, but the\r\nAmerican delegation interpreted that the attacks tracked as Volt Typhoon were conducted in response to the US\r\nsupporting Taiwan, WSJ reported.\r\nThe conclusion of American officials after the meeting was that the cyberattacks were meant to scare the United\r\nStates from getting involved in a potential conflict between China and Taiwan.\r\nThe Volt Typhoon attacks, which were attributed to China immediately after their discovery, involved the use of\r\nzero-day vulnerabilities and other sophisticated techniques. The attacks were aimed at critical infrastructure and\r\nraised concerns that they could enable China to spy on the US and cause significant disruptions.\r\nThe Volt Typhoon threat actors managed to gain access to systems in a wide range of sectors, including\r\ncommunications, manufacturing, utility, construction, government, IT, maritime, transportation, and energy. It\r\ncame to light recently that the hackers managed to dwell in the US electric grid for 300 days in 2023.\r\nAccording to WSJ, the Salt Typhoon attacks aimed at several major American telecom firms, which had come to\r\nlight in the months leading up to the December meeting in Geneva, were also mentioned during the meeting, but\r\nthe focus was on the Volt Typhoon attacks.\r\nThe Salt Typhoon campaign resulted in the phone calls and text messages of senior officials getting compromised.\r\nUnlike the Volt Typhoon attacks, which the US sees as an unacceptable provocation, the Salt Typhoon campaign is\r\nsimilar to cyberespionage that the US itself conducts against its adversaries.\r\nIn recent years both the US and China have stepped up their game in publicly accusing each other of conducting\r\ncyberattacks.\r\nSource: https://www.securityweek.com/china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.securityweek.com/china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report/"
	],
	"report_names": [
		"china-admitted-to-us-that-it-conducted-volt-typhoon-attacks-report"
	],
	"threat_actors": [
		{
			"id": "846522d7-29cb-4a0c-8ebe-ffba7429e2d7",
			"created_at": "2023-06-23T02:04:34.793629Z",
			"updated_at": "2026-04-10T02:00:04.971054Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Bronze Silhouette",
				"Dev-0391",
				"Insidious Taurus",
				"Redfly",
				"Storm-0391",
				"UAT-5918",
				"UAT-7237",
				"UNC3236",
				"VOLTZITE",
				"Vanguard Panda"
			],
			"source_name": "ETDA:Volt Typhoon",
			"tools": [
				"FRP",
				"Fast Reverse Proxy",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"Living off the Land"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6a0effeb-3ee2-4a67-9a9f-ef5c330b1c3a",
			"created_at": "2023-09-07T02:02:47.827633Z",
			"updated_at": "2026-04-10T02:00:04.873323Z",
			"deleted_at": null,
			"main_name": "RedHotel",
			"aliases": [
				"Operation FishMedley",
				"RedHotel",
				"TAG-22"
			],
			"source_name": "ETDA:RedHotel",
			"tools": [
				"Agentemis",
				"BIOPASS",
				"BIOPASS RAT",
				"BleDoor",
				"Brute Ratel",
				"Brute Ratel C4",
				"Cobalt Strike",
				"CobaltStrike",
				"FunnySwitch",
				"POISONPLUG.SHADOW",
				"RbDoor",
				"RibDoor",
				"RouterGod",
				"ShadowPad Winnti",
				"SprySOCKS",
				"Spyder",
				"Winnti",
				"XShellGhost",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a88747e2-ffed-45d8-b847-8464361b2254",
			"created_at": "2023-11-01T02:01:06.605663Z",
			"updated_at": "2026-04-10T02:00:05.289908Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Volt Typhoon",
				"BRONZE SILHOUETTE",
				"Vanguard Panda",
				"DEV-0391",
				"UNC3236",
				"Voltzite",
				"Insidious Taurus"
			],
			"source_name": "MITRE:Volt Typhoon",
			"tools": [
				"netsh",
				"PsExec",
				"ipconfig",
				"Wevtutil",
				"VersaMem",
				"Tasklist",
				"Mimikatz",
				"Impacket",
				"Systeminfo",
				"netstat",
				"Nltest",
				"certutil",
				"FRP",
				"cmd"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6de442c2-1335-4c96-9f9b-87f61a52074e",
			"created_at": "2025-05-18T02:00:03.043587Z",
			"updated_at": "2026-04-10T02:00:03.840911Z",
			"deleted_at": null,
			"main_name": "FishMedley",
			"aliases": [],
			"source_name": "MISPGALAXY:FishMedley",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "49b3063e-a96c-4a43-b28b-1c380ae6a64b",
			"created_at": "2025-08-07T02:03:24.661509Z",
			"updated_at": "2026-04-10T02:00:03.644548Z",
			"deleted_at": null,
			"main_name": "BRONZE SILHOUETTE",
			"aliases": [
				"Dev-0391 ",
				"Insidious Taurus ",
				"UNC3236 ",
				"Vanguard Panda ",
				"Volt Typhoon ",
				"Voltzite "
			],
			"source_name": "Secureworks:BRONZE SILHOUETTE",
			"tools": [
				"Living-off-the-land binaries",
				"Web shells"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "4ed2b20c-7523-4852-833b-cebee8029f55",
			"created_at": "2023-05-26T02:02:03.524749Z",
			"updated_at": "2026-04-10T02:00:03.366175Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"BRONZE SILHOUETTE",
				"VANGUARD PANDA",
				"UNC3236",
				"Insidious Taurus",
				"VOLTZITE",
				"Dev-0391",
				"Storm-0391"
			],
			"source_name": "MISPGALAXY:Volt Typhoon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434763,
	"ts_updated_at": 1775792084,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/681c688207d7d99098d8d76603013c5ef82f47d2.pdf",
		"text": "https://archive.orkl.eu/681c688207d7d99098d8d76603013c5ef82f47d2.txt",
		"img": "https://archive.orkl.eu/681c688207d7d99098d8d76603013c5ef82f47d2.jpg"
	}
}