China’s cybersecurity agency once again refuted claims from the United States and Microsoft Corporation that Chinese state-sponsored hackers were behind a major cyberattack targeting critical American computer networks. Known as Volt Typhoon, the cyberattack has been a point of contention between Washington and Beijing since its disclosure in 2023. In a report released this Monday, China’s National Computer Virus Emergency Response Center dismissed the accusations, labeling them as a “political farce” orchestrated by the US to damage China’s international reputation.
The report, backed by more than 50 cybersecurity experts from around the world, argued that there is insufficient evidence to connect Volt Typhoon to the Chinese government. This denial marks the third such statement issued by China this year in response to ongoing allegations regarding its involvement in the attack.
Volt Typhoon was first identified by Microsoft in May 2023. According to Microsoft’s analysis, the cyberattack targeted critical infrastructure in the US and was linked to a Chinese state-sponsored hacking group. The group was reportedly embedded in US industrial networks for at least five years, raising concerns about national security and the vulnerability of critical systems.
Soon after Microsoft’s report, the US government, alongside several allied nations, publicly warned about the implications of Volt Typhoon. According to the US, the breach was not an isolated incident but part of a broader Chinese cyber espionage campaign that could threaten national security and disrupt essential services.
The attackers were said to use living-off-the-land techniques, a strategy in which existing system tools are used to avoid detection. Volt Typhoon targeted infrastructure sectors like telecommunications, energy, transportation, and manufacturing—critical elements of the US economy. The US government framed the attack as an escalation in the ongoing cyber conflict between China and the United States, a battle that has intensified in recent years amid rising geopolitical tensions.
China has consistently rejected allegations regarding its involvement in the Volt Typhoon attack. Monday’s report from China’s National Computer Virus Emergency Response Center emphasized that the claims are based on circumstantial evidence and serve as a deliberate move by Washington to politicize cybersecurity issues. The report cited the findings of global experts, arguing that the evidence presented by Microsoft and the US government was neither conclusive nor convincing.
The Chinese cybersecurity agency further claimed that the US intelligence community has a history of conducting covert cyber operations. According to the report, these operations include “cyber warfare forces” designed to perform reconnaissance and penetration of networks around the globe, including those in China.
The report specifically highlighted the use of a tool called “Marble,” which was allegedly created by the US Central Intelligence Agency (CIA). Marble is said to have the capability to mask the origins of a cyberattack by inserting code fragments in foreign languages, such as Chinese or Russian, to mislead investigators. This tool, according to the Chinese report, allows the US to frame other countries, including China, as the perpetrators of cyberattacks.
“The political motivations behind this accusation are clear,” said the report, adding that the US has long used its technological dominance to launch cyber operations and conduct espionage against both rivals and allies. The report did not provide direct evidence to support these claims but positioned the US as the world’s most aggressive cyber actor, with a long history of hacking activities.
Microsoft, the company that initially identified Volt Typhoon, has declined to comment on the latest accusations from China. Requests for a response from the US State Department also went unanswered, according to reports from Bloomberg News. The lack of immediate response may reflect the delicate nature of the issue, as it sits at the intersection of technology, national security, and international relations.
While the US government has consistently blamed Chinese actors for cyber espionage campaigns, it rarely provides detailed evidence in public forums, citing national security concerns. The case of Volt Typhoon is no different, with much of the supporting information remaining classified or known only to a select group of experts within intelligence agencies.
The accusations surrounding Volt Typhoon are part of a broader narrative of growing cyber tensions between the US and China. In recent years, the two countries have traded allegations of hacking and cyber espionage, each accusing the other of launching sophisticated cyberattacks aimed at stealing sensitive data or gaining a strategic advantage.
In 2022, a prominent Chinese cybersecurity firm publicly accused the US of orchestrating a massive hacking campaign that targeted computers in 45 countries, including China. This came amid revelations from China’s Ministry of State Security (MSS) that the US had been conducting cyber espionage operations aimed at pilfering sensitive Chinese data. The MSS claimed that foreign actors had increasingly targeted data related to China’s economy, military, and cutting-edge technologies.
Both countries view cybersecurity as a matter of national security, and their competing narratives reflect the broader geopolitical rivalry between the world’s two largest economies. Cyberattacks and data breaches have become an essential tool in the modern espionage playbook, with nations using cyberspace to steal secrets, sabotage systems, and conduct covert operations that fall short of direct military engagement.
The US has not faced China alone in its claims regarding Volt Typhoon. Several allied nations, including members of NATO and countries in the Asia-Pacific region, have echoed Washington’s concerns about Chinese cyber activities. These alliances form part of a broader strategy to counter what Western countries describe as the growing cyber threat posed by China.
Australia, the United Kingdom, and Canada, among others, have voiced their concerns about Chinese state-sponsored cyber activities, with some even attributing specific attacks to Beijing’s intelligence apparatus. These accusations have been met with strong denials from Chinese officials, who often portray such claims as part of a coordinated disinformation campaign by the West.
In response to these accusations, China has sought to rally support from nations within its sphere of influence. Chinese officials have promoted a narrative that frames the US as the aggressor in cyberspace, accusing Washington of leveraging its dominance in global internet infrastructure to spy on both allies and adversaries.
The international response to these competing narratives has been mixed. Some countries, particularly those with deep economic ties to China, have been cautious in how they approach the issue, seeking to balance security concerns with the need for strong bilateral relationships. Others have taken a more confrontational stance, aligning closely with the US in condemning Chinese cyber activities.
The accusations and counterclaims surrounding Volt Typhoon highlight the complex and often murky world of cyber espionage. Unlike traditional forms of warfare, cyberattacks operate in a shadowy space, where attribution is difficult and evidence is often ambiguous. This makes it challenging for countries to respond in a way that is both proportionate and effective.
For the US, attributing cyberattacks to state actors like China serves several purposes. It helps to galvanize public opinion and build international support for stronger cybersecurity measures. It also provides a justification for retaliatory actions, whether in the form of sanctions, indictments, or cyber countermeasures.
For China, denying involvement in these cyberattacks is crucial to maintaining its global image, particularly as it seeks to position itself as a responsible global power. Acknowledging responsibility for attacks like Volt Typhoon would undermine China’s claims of being a victim of foreign cyber aggression and could damage its diplomatic relationships with other countries.
As the US and China continue to clash over issues of cyber espionage, it is clear that the Volt Typhoon incident is just one battle in a much larger conflict. Both nations are investing heavily in cyber capabilities, recognizing that the future of warfare will be fought not only on land, sea, and air but also in cyberspace.
