Volt Typhoon is a state-sponsored cyber‑espionage group linked to the People’s Republic of China that targets U.S. critical infrastructure. Active since at least mid‑2021, the group drew widespread attention in May 2023 following public disclosure by Microsoft, with further confirmation in 2024 when CISA reported compromises across multiple critical infrastructure organizations. Volt Typhoon relies heavily on living‑off‑the‑land techniques, using valid credentials and native system tools to avoid detection and maintain long‑term access. Its ability to remain hidden for extended periods while pre‑positioning within networks makes it a serious strategic threat. The ongoing activity highlights the importance of continuous monitoring, strong credential protection, and enhanced defense measures

Join for free to read