Volt Typhoon is a codename for a hacking group described as being sponsored by the Chinese government.[1]
The name “Volt Typhoon” is used by Microsoft to describe the group based on the company's internal “threat actor naming taxonomy.”[2] Secureworks describes the same group by the codename “Bronze Silhouette”.[3]
Volt Typhoon has reportedly been in operation since mid-2021.[4] In June 2021, Secureworks identified an intrusion into one of its clients' networks, which the company attributed to the group.[3] Separate intrusions were reported by Secureworks in September 2021 and June 2022.
On May 24, 2023, Microsoft issued a warning that Volt Typhoon had “compromised 'critical' U.S. cyber infrastructure across numerous industries with a focus on gathering intelligence.”[1] The National Security Agency (NSA) followed up with a report of their own titled “People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection”, co-published with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NCSC-NZ) and the United Kingdom National Cyber Security Centre (NCSC-UK).[5]
Secureworks published a statement concurrently, describing its own analysis of the group's activities.[3]
[1] Goswami, R. (2023, May 24). Microsoft warns that China hackers attacked U.S. infrastructure. CNBC. http://archive.today/2023.05.24-213247/https://www.cnbc.com/2023/05/24/microsoft-warns-that-china-hackers-attacked-us-infrastructure.html
[2] diannegali, chrisda, Dansimp, & Stacyrch140. (2023, April 20). How Microsoft names threat actors. Microsoft. http://archive.today/2023.05.17-020026/https://learn.microsoft.com/en-us/microsoft-365/security/intelligence/microsoft-threat-actor-naming?view=o365-worldwide
[3] Secureworks Counter Threat Unit. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Secureworks. http://archive.today/2023.05.25-155704/https://www.secureworks.com/blog/chinese-cyberespionage-group-bronze-silhouette-targets-us-government-and-defense-organizations
[4] Microsoft Threat Intelligence. (2023, May 24). Volt Typhoon targets US critical infrastructure with living-off-the-land techniques. Microsoft Security Blog. http://archive.today/2023.05.25-103813/https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/
[5] People’s Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. (2023, May 24). National Security Agency. https://web.archive.org/web/20230525163919/https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF