Introduction

The United States has issued a stern warning to China regarding potential retaliatory cyber-attacks in response to intrusions into US critical infrastructure by Chinese Advanced Persistent Threat (APT) groups, specifically Volt Typhoon and Salt Typhoon [3] [7]. These groups have been implicated in significant cyber espionage and disruptive activities, raising concerns about national security and the need for enhanced cybersecurity measures.

Description

A senior White House official has warned China of potential retaliatory cyber-attacks in response to intrusions into US critical infrastructure by Chinese APT groups, specifically Volt Typhoon and Salt Typhoon [3] [7]. Alexei Bulazel, Senior Director for Cyber at the National Security Council [3] [4], emphasized the alarming nature of Volt Typhoon’s activities, likening them to preparations for physical attacks on critical services [7]. He criticized the tendency to focus on the victim’s security failings, deeming it unfair when the adversary is a well-resourced nation-state actor like China [7]. Bulazel underscored the importance of a proactive approach to cybersecurity, advocating collaboration with the private sector to patch vulnerabilities and mitigate the impact of cyber-attacks [7].

Volt Typhoon has reportedly infiltrated networks in critical sectors such as energy [3] [7], water [3] [4] [6] [7], aviation [6], and transportation since at least mid-2021, raising concerns about future destructive attacks [3] [7]. The group aims to disrupt US military mobilization capabilities in the event of a conflict [6], including a potential Chinese invasion of Taiwan [6]. In January 2024 [6], the US successfully disrupted a botnet used by Volt Typhoon [6], which consisted of thousands of compromised US-based routers [6]. By January 2025 [6], over 100 intrusions linked to Volt Typhoon were reported [6], with a significant focus on Guam [6], where the group targeted critical infrastructure and employed new malware [6]. However, claims by the US that Volt Typhoon is a “Chinese state-sponsored” hacking organization have been met with skepticism from China, which views these allegations as an exaggeration of the “China threat theory” for funding purposes. Chinese officials have criticized the lack of detailed analysis linking the cyberattacks to Volt Typhoon [2], suggesting that many IP addresses associated with the attacks were previously linked to a ransomware group called Dark Power [2].

Salt Typhoon’s cyber espionage campaign has been described as one of the most damaging series of cyberattacks against the United States [1], significantly impacting national security [1]. The group gained attention in late 2024 for its large-scale espionage campaign targeting major US telecommunications companies, including Verizon [5], AT&T [5] [6], and Lumen Technologies [5], affecting over a million users [6], many of whom were government targets [6]. Salt Typhoon accessed sensitive communications, including customer metadata such as phone calls and text messages, and may have exploited vulnerabilities in Cisco routers to infiltrate these networks [6]. Notably, the hackers accessed private data from political figures [1], including President-elect Donald Trump [5], Vice President Kamala Harris [5], and Senate Majority Leader Chuck Schumer [5]. The FBI is currently investigating these persistent cyber intrusions [5], which have reportedly been ongoing for at least two years [5], highlighting the significant supply chain risks posed by Salt Typhoon as it targets both telecom companies and their customers [5].

Bulazel called for imposing costs on adversaries through cyber countermeasures [4], legal actions [4], and international sanctions [4], stressing the need to degrade adversary capabilities to prevent escalation. In response to these threats [5], the Cyber Safety Review Board (CSRB) had initiated an investigation into the attacks [5], but its disbandment raised concerns about the future of national cybersecurity efforts [1]. Legislative measures are being considered to enhance national cybersecurity [5], particularly regarding the Cybersecurity and Infrastructure Security Agency (CISA) [1] [4], which was also involved in the investigation [1]. CISA’s future direction will focus on enhancing cybersecurity and infrastructure security, moving away from disinformation monitoring [4]. The agency is expected to strengthen partnerships with private entities to address vulnerabilities and dismantle threats in real time [4]. Experts emphasize the importance of encryption in protecting communications from Salt Typhoon’s espionage efforts [5], suggesting that encrypted data would be difficult for adversaries to exploit even if intercepted [5]. The US government’s cybersecurity budget has reached a record $13 billion for the 2025 fiscal year [2], reflecting the growing emphasis on cybersecurity amid these ongoing threats [2].

Conclusion

The ongoing cyber threats posed by Volt Typhoon and Salt Typhoon underscore the critical need for robust cybersecurity measures and international cooperation. The United States is actively working to enhance its cybersecurity posture through legislative measures, increased funding, and collaboration with private entities. The emphasis on encryption and proactive defense strategies aims to mitigate the impact of cyber espionage and protect national security. As these threats evolve, continued vigilance and adaptation will be essential to safeguarding critical infrastructure and maintaining global stability.

References

[1] https://www.cybersecuritydive.com/news/salt-typhoon-telecom-hacks-one-of-the-most-consequential-campaigns-against/746870/
[2] https://global.chinadaily.com.cn/a/202404/16/WS661dbdb9a31082fc043c21fe.html
[3] https://www.infosecurity-magazine.com/news/white-house-china-cyber-retaliation/
[4] https://the420.in/us-cyber-retaliation-warning-china-volt-typhoon-cisa-rsa2025/
[5] https://www.csoonline.com/article/3621674/salt-typhoon-poses-a-serious-supply-chain-risk-to-most-organizations.html
[6] https://tech.ezesavers.com/meet-the-chinese-typhoon-hackers-preparing-for-war/
[7] https://ciso2ciso.com/white-house-warns-china-of-cyber-retaliation-over-infrastructure-hacks-source-www-infosecurity-magazine-com/