NSA says Volt Typhoon was ‘not successful’ at persisting in critical infrastructure

News
By published

The Chinese threat actor wanted to lurk in the shadows

wo human figure including America and China flag are in confrontation on the world background
(Image credit: Shutterstock)
  • NSA seniors spoke at the International Conference on Cyber Security at Fordham University in New York City
  • They claim Volt Typhoon wanted to lurk in US critical infrastructure in case of war with the US over Taiwan
  • The campaign was a failure since the threat actors were removed, NSA says

Volt Typhoon, a Chinese state-sponsored threat actor which targeted critical US infrastructure, failed to achieve its main objective - to maintain long-term, invisible persistence on key targets.

This is according to senior cybersecurity officials from the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI).

Speaking at the recent International Conference on Cyber Security at Fordham University in New York City, the agents discussed the “Typhoon” campaign as a whole, and confirmed that it was laying groundwork for a potential escalation of conflict over Taiwan.

No persistence maintained

“The good news is, they really failed. They wanted to persist in domestic networks very quietly for a very long time so that if and when they needed to disrupt those networks, they could. They were not successful in that campaign,” said Kristina Walter, director of the NSA’s Cybersecurity Collaboration Center.

“We, with private sector, with FBI, found them, understood how they were using the operating systems, how they're using legitimate credentials to maintain persistence, and frankly, we equipped the entire private sector and U.S. government to hunt for them and detect them.”

Being able to breach security systems and access critical infrastructure should be cause for concern in its own right, though.

In mid-March 2025, it was reported Volt Typhoon had access to Massachusetts’ Littleton Electric Light and Water Departments (LELWD)’s operational technology (OT) network for ten months in 2023. The intrusion lasted from February to November 2023.

Before that, in January 2025, Volt Typhoon was allegedly targeting the critical infrastructure of small island nation Guam, looking to disrupt and sabotage services in the region, reportedly targeting the GPA (Guam Power Authority) to wreak havoc on the island, which is home to a large US military base.

Via The Record

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.