China's Volt Typhoon APT Burrows Deeper Into US Critical Infrastructure

Published: 23/11/2024   Category: security


US officials are concerned that the Beijing-directed cyberattacks could be a precursor to military disruption and broader destructive attacks on citizens and businesses.



The US military was reckoning with two major cyber concerns over the weekend — one the widespread and still unresolved Chinese campaign known as Volt Typhoon targeting military bases, and the other an insider breach affecting Air Force and FBI communications.
Biden administration officials have confirmed that Volt Typhoon's malware is much more endemic than previously thought; responders have found it planted inside numerous networks controlling the communications, power, and water feeding US military bases at home and abroad, according to The New York Times.
Also concerning, those same networks touch run-of-the-mill businesses and individuals, and investigators are having a hard time assessing the full footprint of the infestation.
Meanwhile, a search warrant obtained by Forbes revealed that the Pentagon is dealing with a wholly separate cyber intrusion: in this case, a communications compromise affecting 17 Air Force facilities, and possibly the FBI as well, courtesy of an Air Force engineer.
The Chinese state-aligned advanced persistent threat (APT) behind Volt Typhoon, aka Vanguard Panda, came to attention after Microsoft observed Chinese cyber activity in Guam, the site of a US military base strategically significant to the defense of Taiwan against Chinese aggression.
Microsoft posited at the time that this Volt Typhoon campaign "is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises."
That case, disclosed in May, has turned out to be just one small part of a much broader campaign, and pre-positioning to carry out destruction now seems increasingly likely as a motivation; sources told the Times that the attackers are in a position to handicap military response and supply chains for materiel should a kinetic conflict kick off.
More than a dozen US officials and industry experts said in interviews over the past two months that the Chinese effort goes far beyond telecommunications systems and predated the May report by at least a year, the New York Times reported July 29, with one congressman pithily labeling the campaign a "ticking time bomb."
Further, the Times reported that "there is a debate inside the administration over whether the goal of the operation is primarily aimed at disrupting the military, or at civilian life more broadly in the event of a conflict."
Austin Berglas, a former FBI Cyber Division special agent, now global head of professional services at BlueVoyant, isn't surprised that China is buried inside of the US's most critical networks.
"We've known that China is looking to exploit any sector it could to give them an advantage politically, socially, or economically. So it's not surprising," he says. "What is surprising is the mention of destructive malware. That's not normally seen in their typical toolkit."
"When you look at traditional tactics, techniques, and procedures (TTPs) used by Chinese state actors, they're doing espionage," he explains. "Malware designed to disrupt or destroy critical systems changes the story. Is it positioning them for a retaliatory strike? Is it something that we're going to start seeing more of in the future from these guys?"
Also on July 29, Forbes revealed that the Pentagon ordered a raid on a 48-year-old engineer from Arnold Air Force Base in Tullahoma, Tenn.
According to the relevant search warrant, the engineer had taken $90,000 worth of radio equipment home, gaining unauthorized access to radio communications technologies employed by Air Education and Training Command (AETC), the Air Force major command responsible for recruitment and training.
In the raid, investigators found an open computer running Motorola radio programming software that "contained the entire Arnold Air Force Base (AAFB) communications system," the warrant stated, plus evidence of access to privileged communications from the FBI and other Tennessee state agencies.
Berglas says that the impact on the other agencies is not surprising. He likens it to his time in the FBI. "If I was sitting at my desk at work, I couldn't put a USB drive into my computer. I couldn't put a disc in to make a copy, or take that media off of the network any other way, aside from printing," he explains.
"The problem is, as an FBI office, you rely heavily on state and local partners. So you need to give them classified access to certain levels of information, depending on the investigation. But when that information gets to that office, those task forces and contractors probably don't have the same level of cyber safeguards in place," he explains.
It's a lesson for any organization: even those that practice zero trust as stringently as the FBI and the Air Force still face the same insider threats and the same supply chain risks as any other organization, because the data ends up on partner systems that the originating agency does not control.
"When you're looking at securing classified information," he concludes, "you have to enable those individual and agency partners to comply. It's about giving resources to the weakest link in the chain, and supporting them to be more secure."
