Volt Typhoon: China Attacks U.S. Infrastructure

Written By Jason Simpkins

Posted December 12, 2023

China has been hacking government and corporate databases for years, stealing strategic intel and trade secrets.

But now it’s on to something different.

It’s joined Russia in attacking critical U.S. infrastructure nodes like ports, rail systems, power plants, pipelines, and water utilities. 

Specifically, Volt Typhoon, a group of Chinese hackers affiliated with the PLA, targeted at least two dozen entities, including Hawaii’s water system and Texas’ power grid, in a series of attacks dating back to 2021.

Microsoft uncovered the effort and described it as a stealth campaign to establish a clandestine presence within critical networks. Then, should hostilities break out, the attackers can spring into action.

“You’re trying to build tunnels into your enemies’ infrastructure that you can later use to attack,” Joe McReynolds, a China security studies fellow at the Jamestown Foundation, told The Washington Post. “Until then you lie in wait, carry out reconnaissance, figure out if you can move into industrial control systems or more critical companies or targets upstream. And one day, if you get the order from on high, you switch from reconnaissance to attack.”

To accomplish this, Volt Typhoon is harvesting data — including credentials from local and network systems — archiving it, and then attempting to blend into normal network activity by routing traffic through compromised small-office and home-office network equipment, including routers, firewalls, and VPN hardware.

With that information, the PLA could sow chaos and panic, disrupt key services, and complicate logistics at crucial moments — like during an invasion of Taiwan, for instance.

This is something Chinese military officers describe in internal documents as “network warfare,” to be synchronized with air and missile strikes.

And they’re not the only ones doing it. 

Russia is infiltrating critical infrastructure too. In fact, it’s believed to have placed “cyber bombs” that could be set off in the event of a war.

Worse, these attacks have escalated since the country invaded Ukraine last year. 

Indeed, NATO countries have been hit with an unprecedented volume of cyberattacks since the war’s outbreak, including a denial-of-service (DoS) attack that affected at least 40 U.S. airports last year.

The Russian group, called Killnet, jammed up websites with fake users, forcing them offline. It also attempted to infiltrate JPMorgan’s network infrastructure and assailed websites of three U.S. states (Colorado, Kentucky, and Mississippi).

You may also remember the attack on JBS, the world’s largest meat supplier, which shut down operations in Australia, Canada, and the United States, affecting everything from local grocery stores to major chains like McDonald’s.

Or the Colonial Pipeline ransomware attack that severed supplies of gasoline and jet fuel from Texas to the East Coast. 

Or the SolarWinds hack, which exposed hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies such as the Departments of Energy, Commerce, Treasury, and State, as well as the National Nuclear Security Administration.

American allies across Europe, including many that aren’t on most Americans’ radar, have also been slammed by Russian cyberattacks.

Montenegro, Estonia, Albania, and Finland have been among the hardest hit. 

Montenegro was targeted with ransomware attacks so sophisticated that it had to call in the FBI to help out. 

And Albania suffered a cyberattack so great that it considered invoking Article 5 of the NATO charter, necessitating a collective defense from the alliance.

That attack was attributed not to Russia proper but rather to its ally Iran. 

These attacks can also be especially painful in the winter, as Russia often attempts to knock out its enemies’ power as a means of literally freezing them to death — something that qualifies as a war crime in some cases.

There’s not much we can do to avoid falling victim to these attacks, but investors can at least mitigate the damage by investing in cybersecurity companies like Palo Alto Networks (NASDAQ: PANW) and CyberArk Software (NASDAQ: CYBR).

I also cover some lesser-known military technology suppliers employed by the Pentagon to combat these attacks in my Secret Stock Files investment service — including this AI company that’s nailed down a huge number of sensitive government contracts.

Fight on,


Jason Simpkins

Simpkins is the founder and editor of Secret Stock Files, an investment service that focuses on companies with assets — tangible resources and products that can hold and appreciate in value. He covers mining companies, energy companies, defense contractors, dividend payers, commodities, staples, legacies and more…

In 2023 he joined The Wealth Advisory team as a defense market analyst where he reviews and recommends new military and government opportunities that come across his radar, especially those that spin-off healthy, growing income streams. For more on Jason, check out his editor’s page.
