{"id":57678,"date":"2024-11-13T16:35:56","date_gmt":"2024-11-13T16:35:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36588\/Chinas-Volt-Typhoon-Surges-Back-With-A-Vengeance.html"},"modified":"2024-11-13T16:35:56","modified_gmt":"2024-11-13T16:35:56","slug":"chinas-volt-typhoon-surges-back-with-a-vengeance","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinas-volt-typhoon-surges-back-with-a-vengeance\/","title":{"rendered":"China&#8217;s Volt Typhoon Surges Back With A Vengeance"},"content":{"rendered":"<p>China&#8217;s Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.<\/p>\n<p>The alert comes nearly ten months after the Feds claimed a victory against the Chinese government-linked miscreants, when the FBI infiltrated the operation and then <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/01\/30\/fbi_china_volt\/\" rel=\"noopener\">remotely wiped<\/a> the botnet.<\/p>\n<p>At the time, the US Justice Department warned that Volt Typhoon had <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/01\/31\/volt_typhoon_botnet\/\" rel=\"noopener\">infected<\/a> &#8220;hundreds&#8221; of outdated Cisco and Netgear boxes with malware so that the devices could be used to break into US energy, water, and other vital facilities. 
Plus, the crew had been targeting American critical organizations as <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/10\/02\/aws_security_madpot\/\" rel=\"noopener\">far back<\/a> as 2021.<\/p>\n<p>Just last week, news reports emerged that the same cyber espionage crew had <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/11\/06\/chinas_volt_typhoon_breached_singtel\/\" rel=\"noopener\">breached<\/a> Singapore Telecommunications over the summer as a &#8220;test run by China for further hacks against US telecommunications companies.&#8221;<\/p>\n<p>&#8220;Once thought dismantled, Volt Typhoon has returned, more sophisticated and determined than ever,&#8221; declared Ryan Sherstobitoff, SVP of threat research and intelligence at SecurityScorecard.<\/p>\n<p>In a Tuesday <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/securityscorecard.com\/blog\/botnet-is-back-ssc-strike-team-uncovers-a-renewed-cyber-threat\/\">report<\/a>, Sherstobitoff revealed that the security shop&#8217;s Threat
Research, Intelligence, Knowledge, and Engagement (STRIKE) Team had spotted Volt Typhoon exploiting outdated Cisco RV320\/325 routers and Netgear ProSafe routers.<\/p>\n<p>&#8220;These end-of-life devices become perfect entry points, and in just 37 days, Volt Typhoon compromised 30 percent of visible Cisco RV320\/325 routers,&#8221; Sherstobitoff wrote.<\/p>\n<p>When asked about specific vulnerabilities being abused, Sherstobitoff told <em>The Register<\/em>: &#8220;There are no clear CVEs that Volt is exploiting in current Cisco devices.&#8221;<\/p>\n<p>But, he added, because the routers are end-of-life, the vendor no longer issues security updates.
&#8220;This leads to increased exploitation of existing ones,&#8221; Sherstobitoff warned.<\/p>\n<p>Since the disruption and subsequent rebuilding of the botnet, the threat hunters have seen &#8220;a few dozen&#8221; compromised devices, he told us.
However, he noted, &#8220;we have observed changes in command and control servers being deployed into other network providers.&#8221;<\/p>\n<p>The FBI declined to comment on Volt Typhoon&#8217;s reported resurgence, and the US government&#8217;s Cybersecurity and Infrastructure Agency did not immediately respond to <i>The Register<\/i>&#8217;s inquiries.<\/p>\n<h3 class=\"crosshead\">Volt Typhoon&#8217;s attack timeline<\/h3>\n<p>The Chinese crew&#8217;s botnet first came to light in 2023, after Microsoft and intelligence agencies from the Five Eyes nations <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/05\/25\/china_volt_typhoon_attacks\/\" rel=\"noopener\">disclosed<\/a> that Volt Typhoon had accessed networks belonging to US critical infrastructure organizations.<\/p>\n<p>The spy gang, we&#8217;re told, had built a botnet from Cisco and Netgear routers identified by a self-signed SSL certificate named JDYFJ. This botnet, according to SecurityScorecard, used command-and-control (C2) infrastructure in the Netherlands, Latvia, and Germany to disguise its malicious traffic.<\/p>\n<p>By October 2023, Volt Typhoon had taken up occupancy, rent-free, on a compromised VPN device in New Caledonia. This created &#8220;a covert bridge between Asia-Pacific and the Americas&#8221; that kept &#8220;their network alive, hidden from standard detection,&#8221; Sherstobitoff wrote.<\/p>\n<p>In January 2024, the FBI-led effort disrupted some of Volt Typhoon&#8217;s infrastructure. However, in the Tuesday report, Sherstobitoff explains the Chinese spies rapidly set up new C2 servers on Digital Ocean, Quadranet, and Vultr and also registered fresh SSL certificates to avoid the prying eyes of law enforcement.<\/p>\n<p>As of September, &#8220;the botnet persists,&#8221; he wrote. It uses the JDYFJ cluster to route traffic globally.
&#8220;Connections from New Caledonia and router nodes remain active for over a month, reinforcing Volt Typhoon&#8217;s infrastructure.&#8221;<\/p>\n<h3 class=\"crosshead\">Chinese government-linked attacks on the rise<\/h3>\n<p>This report comes as government officials and private security firms alike have noted an uptick in Chinese cyber spy activity on US and global networks.<\/p>\n<p>Last week, Bloomberg said Volt Typhoon had broken into Singtel&#8217;s networks before being spotted in June, and had used a web shell in that security breach.<\/p>\n<p>In August, Lumen Technologies&#8217; Black Lotus Labs <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/08\/27\/chinas_volt_typhoon_versa\/\" rel=\"noopener\">warned<\/a> that Volt Typhoon had abused a Versa SD-WAN vulnerability CVE-2024-39717 to plant custom, credential-harvesting web shells on customers&#8217; networks.<\/p>\n<p>Then, in September, another Chinese-government-backed group dubbed Salt Typhoon was <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/09\/25\/chinas_salt_typhoon_cyber_spies\/\" rel=\"noopener\">accused<\/a> of breaking into US telecom providers&#8217; infrastructure. These intrusions came to light in October, with the spies reportedly <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/10\/07\/verizon_att_lumen_salt_typhoon\/\" rel=\"noopener\">breaching<\/a> Verizon, AT&amp;T, and Lumen Technologies.<\/p>\n<p>Also in September, the FBI revealed that international cops disrupted a 260,000-device botnet controlled by a different Beijing-linked goon squad: <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/09\/18\/fbi_flax_typhoon_ransomware\/\" rel=\"noopener\">Flax Typhoon<\/a>.<\/p>\n<p>This group had been building the Mirai-based botnet since 2021 and targeted US critical infrastructure, government, and academics. 
\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36588\/Chinas-Volt-Typhoon-Surges-Back-With-A-Vengeance.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[11110],"class_list":["post-57678","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlinegovernmentchinacyberwarbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>China&#039;s Volt Typhoon Surges Back With A Vengeance 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chinas-volt-typhoon-surges-back-with-a-vengeance\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"China&#039;s Volt Typhoon Surges Back With A Vengeance 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chinas-volt-typhoon-surges-back-with-a-vengeance\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-11-13T16:35:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_onprem\/publicsector&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZzcOKS-jTrItZJGSOCMavwAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"China&#8217;s Volt Typhoon Surges Back With A Vengeance\",\"datePublished\":\"2024-11-13T16:35:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/\"},\"wordCount\":717,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_onprem\\\/publicsector&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZzcOKS-jTrItZJGSOCMavwAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,government,china,cyberwar,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/\",\"name\":\"China's Volt Typhoon Surges Back With A Vengeance 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_onprem\\\/publicsector&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZzcOKS-jTrItZJGSOCMavwAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-11-13T16:35:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_onprem\\\/publicsector&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZzcOKS-jTrItZJGSOCMavwAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_onprem\\\/publicsector&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZzcOKS-jTrItZJGSOCMavwAAABc&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor
%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinas-volt-typhoon-surges-back-with-a-vengeance\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,china,cyberwar,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentchinacyberwarbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"China&#8217;s Volt Typhoon Surges Back With A Vengeance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=57678"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/57678\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=57678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=57678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=57678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}