
China’s three reports of the Volt Typhoon prove that US cyberattacks are detectable: experts

Illustration: Liu Rui/GT

China’s three reports on the Volt Typhoon revealed the truth behind systematic U.S. cyberattack activities and showed that such U.S. operations were detectable, experts said.

China’s National Computer Virus Emergency Response Center (CVERC) released its latest report on Volt Typhoon, a hacking team, on Monday. Five Eyes Nations and Microsoft have accused China of involvement without concrete evidence.

Monday’s report is the third report on Volt Typhoon released by the Chinese side. In addition, the cyber espionage operations against China, Germany and other countries launched by the United States and other Five Eyes countries were disclosed.

Although the US government and Microsoft have not yet responded, the report has attracted widespread attention in the US cybersecurity space. US analysis website OODA published the main contents of the Chinese report on Wednesday, accusing China of missing “concrete evidence” in it.

The article was written by a senior strategic intelligence analyst supporting U.S. government civilian and military intelligence organizations and the private sector. The focus is on the three Volt Typhoon reports released since April.

The three reports released by China not only challenge the US’s false narrative about China’s involvement in the Volt Typhoon issue, but also suggest that the US is running a disinformation campaign to disadvantage China in the international community. The latest report relies on confidential information from Snowden and WikiLeaks and provides indirect evidence that the real culprit behind the Volt Typhoon is the US, not China. Although the report is based on indirect evidence, it presents a compelling hypothesis.

Li Baisong, director of the technical committee of Antiy Technology Group, told the Global Times that the US cyberattack activities are long-term and systematic, posing significant challenges for countermeasures.

In particular, the United States has exploited its upstream position in the industrial chain to gain a significant asymmetric advantage over other countries. For example, the asymmetric benefits resulting from the selective openness and specific scoping of serious vulnerabilities such as EternalBlue and Ghost may have created a six-month exclusive operational window for US intelligence agencies; additionally, Microsoft’s early release of patch files to the US Air Force provided an operational window a month in advance. This is all part of the US intelligence community’s NOBUS (Nobody But US) strategy of exploiting vulnerabilities to support their own espionage efforts, Li said.

Du Zhenhua, a senior engineer at CVERC, noted that U.S. attacks are systematic operations involving organization, personnel, equipment systems and operations, with tracking and concealment occurring throughout the system.

Taking countermeasures requires a comprehensive, objective and thorough analysis of problems and gaps, with increased vigilance on the upstream advantages and information asymmetries that the US possesses at the standards, industrial chain and supply chain levels, Du noted.

Despite the upstream advantages and preventative measures, in most scenarios, the actual attack process still relies on the implantation, deployment, operation and continuous control of Trojan executors. As long as solid security capacity building is carried out, the advantages of the defense side’s environmental design are fully exploited, and capabilities such as detection, analysis and hunting are strengthened, it is possible to detect, analyze and defend against US attacks, Du said.
