Cybersecurity – Towards “mutually assured disruption”?

As a particularly tragic hurricane season draws to a close, storms of a very different kind continue to agitate cyberspace. “Volt Typhoon” and “Salt Typhoon”, the nicknames given to two groups of hackers linked to the Chinese government, have been giving computer security experts cold sweats for months.

Between February and November 2024, they reportedly penetrated a wide range of telecommunications, electricity and water treatment suppliers in the USA, Australia and Southeast Asia.

Salt Typhoon, which made headlines last month when it managed to infiltrate the systems of telecoms firms AT&T, Verizon and Lumen, currently appears to be focused on the massive diversion of data for espionage purposes. Volt Typhoon, however, appears to serve more nefarious ends: the group (suspected of working for Chinese intelligence) is said to have the mission of pre-positioning malicious code in various critical infrastructures in countries deemed hostile to China. The idea is essentially to be able to suddenly launch large-scale cybersabotage operations the day a conflict erupts between Beijing and its rivals – usually over Taiwan.

A booming strategy

Increasingly common, this strategy of pre-positioning responds to a very simple imperative: unlike an air strike or missile launch, an offensive cyber operation requires a long design period and must be tailored to the systems it is intended to damage.

A state wishing to launch an offensive cyberoperation therefore has no choice but to prepare it discreetly well in advance, by concealing digital “time bombs” in the depths of adversary countries’ infrastructures.

Russia has been seen snooping around American (and Canadian) power grids as far back as 2019, and it’s almost certain that the US is doing the same to its competitors.