Navigating the ‘Typhoons’: Inside these China-linked threat actors
By andSince 2023, the United States and its allies have been identifying, tracking, and working to expelmajor malicious cyber threat actors spread across a significant number of critical infrastructure systems and networks. Three of these actors — Volt Typhoon, Flax Typhoon, and Salt Typhoon — represent a troubling exploitation of systems critical to the U.S. economy and Americans’ daily lives.
Impacted sectors include healthcare, transportation, government, higher education, water and wastewater, energy, maritime, and telecommunications, among others. The cross-sector nature and depth of these attackers’ actions, as well as their similar labeling, can leave cybersecurity stakeholders, media, and the public with an unclear picture of how the typhoons contrast each other. Moreover, while each of the actors individually present a major threat, collectively, they represent a massive and pervasive threat landscape emanating from the People’s Republic of China (PRC).
This brief will outline the different actors, what they are believed to have infiltrated, and how the U.S. government has responded. U.S. software and technology firm, Microsoft, has attributed the “typhoon” label to these Chinese state-linked threat actors, which the U.S. government has also subsequently adopted.