Article criticizes 'Volt Typhoon' as a theatrical US political maneuver.

The report criticizes 'Volt Typhoon' as a politically motivated event orchestrated by the United States.

A report released by Chinese cybersecurity agencies on Monday asserts that the U.S. government and its intelligence agencies executed a false flag operation aimed at misleading and insulting other nations, employing backdoor malware in U.S.-manufactured IT devices to infiltrate foreign network infrastructures.

"We decided to publish this report for the purpose of further disclosure of the cyber espionage operations targeting China, Germany and other countries, which were launched by the U.S. government, intelligence agencies and Five Eyes countries," states the report co-authored by China's National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology.

Entitled "Volt Typhoon III: A Cyber Espionage and Disinformation Campaign Conducted by U.S. Government Agencies," this third report critiques the "Volt Typhoon" operation as a political charade orchestrated by the U.S. government. It notes that U.S. agencies, mainstream media, and tech giant Microsoft have remained largely silent regarding the prior two reports unveiled in April and July. Only former U.S. intelligence official Robert Edward Joyce and a few cybersecurity firms have attempted to refute these findings, avoiding direct engagement with their content to misrepresent the facts.

In a joint advisory issued in February, the U.S. Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the Federal Bureau of Investigation described "Volt Typhoon" as a Chinese state-sponsored entity reportedly compromising critical U.S. infrastructure. Microsoft’s website claims "Volt Typhoon" has been operational since mid-2021, primarily focusing on espionage and information gathering.

Chinese cybersecurity experts assert that over 50 professionals from the U.S., Europe, Asia, and other regions concur that the U.S. government and Microsoft have unjustly tied "Volt Typhoon" to the Chinese government without substantial evidence, expressing concern over the U.S. government's fabrication surrounding "Volt Typhoon."

The report elaborates on the U.S. "Defend Forward" strategy in cyberspace, highlighting "Hunt Forward" operations where cyber-warfare forces are deployed for close reconnaissance and network infiltration against adversarial nations.

The investigation revealed that U.S. intelligence agencies have fashioned a specialized stealth "toolkit" known as "Marble" to obfuscate their Computer Network Exploitation operations, mislead attribution analyses, and falsely assign blame to other nations.

This "toolkit" is described as a framework that integrates with various cyber weapons development projects, enabling developers to obfuscate identifiable strings in code, effectively "erasing" the fingerprints of cyber weapons creators. This tactic resembles altering the "rifling" of firearms, complicating efforts to attribute the real origins of cyber weapons.

Moreover, the "Marble" framework reportedly includes a "dirty" feature that permits the insertion of strings in multiple languages, such as Chinese, Russian, Korean, Persian, and Arabic, which the report says is designed to mislead investigators and tarnish the reputations of the associated nations.

The nature of this false flag operation extends beyond mere coding to emulating the tactics and procedures of cybercriminal groups. As a result, hackers affiliated with U.S. cyber forces and intelligence can masquerade like "chameleons" in cyberspace, presenting themselves as if they were operating from other countries while conducting cyberattacks and espionage globally.

Such false flag activities form a crucial part of the U.S. intelligence community’s "EFFECTS Operation," which is referred to as "Online Covert Action" in the United Kingdom. Internal documents from the U.S. and the "Five Eyes Alliance" detail that these operations must conform to the "4D principle"—deny, disrupt, degrade, and deceive. These principles encapsulate key elements of the "Volt Typhoon" operation.

In their second report, published in July, Chinese cybersecurity agencies disclosed that U.S. government and intelligence agencies have been concocting cyber threats abroad, orchestrating misinformation campaigns under the framework of Section 702 of the U.S. Foreign Intelligence Surveillance Act, often characterized as the "warrantless surveillance act." The latest report expands on these surveillance initiatives.

The findings suggest that the U.S., through its advanced internet infrastructure, controls significant internet "choke points," with at least seven access sites used to tap submarine optical cables, covering all such cables from the Atlantic to the Pacific Oceans.

The NSA has initiated two relevant projects known as "UpStream" and "Prism." "UpStream" was designed to capture and store all raw data intercepted from submarine cables, creating a vast "data reservoir" for later processing, while "Prism" categorizes this data for various internet applications in an effort to recover communication contents.

Both programs are sanctioned under Section 702 of FISA, which provides a legal framework for global internet surveillance. The report further notes that command and control centers for many spyware programs are stationed in U.S. military bases abroad, including Japan, South Korea, Guam, and Hawaii.

Consequently, it is suggested that Guam—a U.S.-controlled territory in the Pacific—is the original source of the "Volt Typhoon" false narrative propagated by the U.S. government, establishing it not as a target but as a command center directing operations against China and other Southeast Asian countries.

Through Section 702, the U.S. has constructed a sweeping global internet surveillance network, extending its reach to France, Germany, Japan, and even monitoring its own citizens involved in protests like "Black Lives Matter" and "Occupy Wall Street."

The hidden truth

Earlier reports from Chinese cybersecurity agencies regarding "Volt Typhoon" highlighted that Microsoft has enhanced its cooperation with U.S. military and intelligence agencies, with this collaboration intensifying in 2024.

The technology giant reportedly provided offline versions of its AI models to U.S. intelligence agencies, which utilized them for analyzing highly classified intelligence data, as reported by Bloomberg on May 7.

Additionally, Microsoft launched a new AI solution featuring a "Recall" feature that records every action taken by users on its Windows operating system for analysis by the AI assistant. In June, OpenAI, a Microsoft partner, welcomed former NSA Director Paul Nakasone to its board of directors.

"As an important partner in the Section 702 wiretap programs, Microsoft is increasingly influenced and manipulated by U.S. intelligence agencies," the latest report claims. "In return, it could be said that the U.S. government agencies have given the green light to Microsoft's abuse of its dominant position in the market and its use of Windows and Office updates to bundle and push software products in a way that could be perceived as a disguised form of monopoly."

The report reiterates China's consistent opposition to political interference in technical inquiries into cybersecurity incidents and the politicization of cyberattack attribution. It calls for comprehensive international cooperation in this field.

The latest findings also revisit previous reports: "Volt Typhoon: A Conspiratorial Swindling Campaign Targeting U.S. Congress and Taxpayers Conducted by U.S. Intelligence Community" and "Volt Typhoon II: A Secret Disinformation Campaign Targeting U.S. Congress and Taxpayers Conducted by U.S. Government Agencies." The conclusion drawn suggests that Washington's narrative surrounding the campaign is strategically designed to safeguard warrantless surveillance powers and the political and economic interests of various stakeholders.

For more: https://www.cverc.org.cn/head/zhaiyao/futetaifeng3_EN.pdf

Lucas Dupont for TROIB News