{"id":52082,"date":"2023-05-25T21:53:00","date_gmt":"2023-05-25T21:53:00","guid":{"rendered":"https:\/\/www.darkreading.com\/ics-ot\/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns"},"modified":"2023-05-25T21:53:00","modified_gmt":"2023-05-25T21:53:00","slug":"volt-typhoon-breaks-fresh-ground-for-china-backed-cyber-campaigns","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/volt-typhoon-breaks-fresh-ground-for-china-backed-cyber-campaigns\/","title":{"rendered":"&#8216;Volt Typhoon&#8217; Breaks Fresh Ground for China-Backed Cyber Campaigns"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt24b68e3316e9633c\/646fc7dcd6b7e7c1374cfa3f\/china_BeeBright_shutterstock.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>News this week that a likely China-backed threat actor is targeting critical infrastructure organizations in Guam has once again raised the specter of America&#8217;s geopolitical adversaries launching disruptive cyberattacks against key communications and operational technologies in a future crisis.<\/p>\n<p>The attacks&nbsp;are part of a broader campaign dubbed &#8220;<a href=\"https:\/\/www.darkreading.com\/endpoint\/-volt-typhoon-china-backed-apt-infiltrates-us-critical-infrastructure\" target=\"_blank\" rel=\"noopener\">Volt Typhoon<\/a>&#8221; that Microsoft reported this week as targeting organizations in the communications, government, utility, manufacturing, maritime, and other critical sectors. 
Like most state-backed Chinese cyber campaigns over the past several years, the primary focus of Volt Typhoon at first&nbsp;appears to be cyber espionage.<\/p>\n<h2 class=\"regular-text\">A Troubling New Inflection Point for Chinese Cyberattacks?<\/h2>\n<p>But the group&#8217;s targeting of Guam \u2014 a strategic base for defending Taiwan against potential Chinese annexation \u2014 along with other&nbsp;evidence that Microsoft has examined suggests that the actor is also laying the groundwork for attacks that could disrupt US-Asia communications in a kinetic conflict.<\/p>\n<p>&#8220;There was a period of a few years where we saw relatively little Chinese activity directed against US targets [&#8230;] <span>that&#8217;s changed over the past 12 months<\/span>,&#8221; notes Dick O&#8217;Brien, principal intelligence analyst at Symantec Threat Hunter Team, likely as a result of the geopolitical tensions around the Taiwan issue. &#8220;We think the one named US location (Guam) is significant as Chinese actors are very heavily focused on Taiwan right now, and Guam may be part of that focus,&#8221; he says.<\/p>\n<p>The apparent preparation for disruptive attacks that Microsoft observed marks a significant departure from most cyberattacks by Chinese groups over nearly the past two decades \u2014 the main focus has been on stealing trade secrets and intellectual property from the US and other countries to support China&#8217;s strategic goals around self-reliance. A survey that the Center for Strategic and International Studies did using publicly available information found <a href=\"https:\/\/www.csis.org\/programs\/strategic-technologies-program\/archives\/survey-chinese-espionage-united-states-2000#:~:text=June%202022%3A%20The%20FBI%2C%20National,providers%20since%20at%20least%202020.\" target=\"_blank\" rel=\"noopener\">224 reported instances<\/a> of Chinese espionage targeting US organizations. 
Almost half (46%) of these involved cyber-enabled espionage.<\/p>\n<h2 class=\"regular-text\">China&#8217;s Long History of Cyber Espionage<\/h2>\n<p>Notable early examples in the list include: an April 2005 campaign where Chinese actors stole information about the Space Shuttle Discovery program from a NASA network; a 2005 operation called <a href=\"https:\/\/www.cfr.org\/cyber-operations\/titan-rain\" target=\"_blank\" rel=\"noopener\">Titan Rain<\/a> to steal US military and defense secrets from defense contractors and military entities; and a 2010 campaign dubbed <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/-aurora-attacks-still-under-way-investigators-closing-in-on-malware-creators\" target=\"_blank\" rel=\"noopener\">Aurora<\/a> that hit Google and some 30 other major technology companies.&nbsp;<\/p>\n<p>More recently, Chinese hackers stole 614 GB of data on a <a href=\"https:\/\/www.theguardian.com\/world\/2018\/jun\/08\/chinese-hackers-us-navy-submarine-missile-secrets-report\" target=\"_blank\" rel=\"noopener\">US supersonic anti-ship missile<\/a> from a US Navy Contractor in 2018; a 2019 attack resulted in the theft of data pertaining to General Electric jet engine turbines; and in May 2020, an attack was aimed at&nbsp;<a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/us-indicts-2-chinese-nationals-for-stealing-ip-business-secrets-including-covid-19-research\" target=\"_blank\" rel=\"noopener\">stealing US research<\/a> related to the coronavirus vaccine.<\/p>\n<p>In nearly half (49%) of instances, the CSIS could identify that the actor and intent involved Chinese government and military operatives; 29% of those incidents involved attempts to steal military technologies, and 54% of them aimed to steal commercial IP and trade secrets.<\/p>\n<p>So far at least, through all these campaigns, Chinese groups have not shown they can wreak widespread havoc on US critical infrastructure \u2014 or at least researchers have simply not 
uncovered any evidence. But no one doubts that they \u2014&nbsp;and other nation-state-backed groups, especially Russian APTs \u2014 can do so.&nbsp;<\/p>\n<p>&#8220;China has not demonstrated the ability to disrupt critical infrastructure, but it&#8217;s something we believe they are capable of and other states are capable of,&#8221; says John Hultquist, chief analyst at Mandiant Intelligence \u2014 Google Cloud.<\/p>\n<h2 class=\"regular-text\">China&#8217;s Cyber Potential for Real-World Disruption<\/h2>\n<p>&#8220;Critical infrastructure can be disrupted with capabilities such as ransomware, though some countries, like China, are likely to have access to the ability to attack operational technology (OT) systems,&#8221; he says.<\/p>\n<p>China-backed threat actors are currently the most active among nation-state groups, especially those focused on conducting cyber espionage. CrowdStrike&#8217;s threat intelligence team found that last year <a href=\"https:\/\/www.crowdstrike.com\/global-threat-report\/\" target=\"_blank\" rel=\"noopener\">China-nexus actors targeted 39 industry sectors<\/a> in cyber espionage campaigns across 20 geographic regions.<\/p>\n<p>Security researchers have little doubt that the skills that Chinese groups have used in executing these attacks can be used in carrying out destructive ones if needed.<\/p>\n<p>&#8220;When comparing the technical aspects of the cyber threat from China to other adversary nations, there are differences in tactics, techniques, and procedures (TTPs). 
Russian groups have often leveraged social engineering and sophisticated malware,&#8221; says Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance (NCA).&nbsp;<\/p>\n<p>In fact,&nbsp;Russian groups often leverage social engineering and sophisticated malware, North Korean groups tend to lean toward destructive attacks and cyber-enabled financial heists, while Iranian groups have frequently employed DDoS attacks and defacements, Steinhauer says. Chinese groups, meanwhile, have tended to use a mix of spear-phishing, watering-hole attacks, and exploit chains. &#8220;However, their abilities and scale are very concerning because they are persistent but don&#8217;t act upon every opportunity to conduct an attack, leaving their true footprint to be unknown,&#8221; he notes.<\/p>\n<h2 class=\"regular-text\">Improving Zero-Day Use&nbsp;&amp; Hacking&nbsp;Capabilities<\/h2>\n<p>In recent years, Chinese APT groups have gotten significantly better at discovering and exploiting zero-days than any other group. And they also have typically been among the fastest to exploit newly disclosed flaws.<\/p>\n<p><a href=\"https:\/\/www.mandiant.com\/resources\/blog\/zero-days-exploited-2022\" target=\"_blank\" rel=\"noopener\">Data from Mandiant<\/a> shows that in 2022 Chinese cyber espionage groups exploited seven zero-day flaws in various campaigns. That was a notch lower than the eight zero-days they exploited in 2021, but it was still the highest by threat actors from any one country. 
Examples of zero-day vulnerabilities that Chinese threat actors have recently used with highly disruptive effect include <a href=\"https:\/\/www.darkreading.com\/endpoint\/attackers-actively-exploiting-new-microsoft-zero-day\" target=\"_blank\" rel=\"noopener\">CVE-2022-30190<\/a> (aka Follina);&nbsp;<a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/china-based-attacker-crafted-custom-malware-for-fortinet-zero-day\" target=\"_blank\" rel=\"noopener\">CVE-2022-42475<\/a> against FortiOS systems; and the so-called <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/multiple-attack-groups-exploited-microsoft-exchange-flaws-prior-to-the-patches\" target=\"_blank\" rel=\"noopener\">ProxyLogon<\/a> set of flaws in Microsoft Exchange in 2021.<\/p>\n<p>Many of the attacks from China-based groups have <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa22-158a\" target=\"_blank\" rel=\"noopener\">targeted network and edge devices<\/a> from companies such as Fortinet, Pulse, Netgear, Citrix, and Cisco. Volt Typhoon, the campaign that Microsoft disclosed this week, is no exception. Microsoft analysis showed the threat actor proxying all network traffic via compromised routers and small office\/home office (SOHO) edge devices from companies like ASUS, Netgear, D-Link, and Cisco. In recent campaigns, including Volt Typhoon, China-backed groups have also shown an affinity for using legitimate and dual-use tools to conduct post-compromise reconnaissance and lateral movement, and to maintain persistence.<\/p>\n<p>&#8220;One of their favorite mediums is launching and staging attacks from network edge devices,&#8221; says Craig Jones, vice president of security operations at Ontinue. &#8220;These groups demonstrate proficiency in infiltrating targeted networks and maintaining persistent access [and] operating covertly within compromised systems for extended periods,&#8221; he says. 
Moreover, they excel in orchestrating supply chain attacks, leveraging trusted vendors and software providers in executing attacks, Jones notes.<\/p>\n<p>Ben Read, senior manager of cyber espionage at Mandiant, assesses that China has the sophistication to create malware capable of disrupting critical infrastructure, though so far there has been no evidence of one. &#8220;Given the large number, and distributed nature of US critical infrastructure networks, it is likely that if they made the political decision to cause a disruption, they would be able to have some effect,&#8221; he says. &#8220;However, the US continues to invest in defense so the scale of the potential impact is uncertain.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/ics-ot\/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the first incident where a threat actor from the country appears to be laying the groundwork for disruptive attacks in the future, researchers say.Read More <a href=\"https:\/\/www.darkreading.com\/ics-ot\/volt-typhoon-breaks-fresh-ground-china-backed-cyber-campaigns\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-52082","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52082","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=52082"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/52082\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=52082"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=52082"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=52082"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}