Chinese authorities have published another set of allegations that assert the Volt Typhoon threat actor is an invention of the US and its allies, and not a crew run by Beijing.
Published on Monday in five languages, a document titled "Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies" largely revisits the content of a similar document published in July.
In its latest document, China's National Computer Virus Emergency Response Center (CVERC) and National Engineering Laboratory for Computer Virus Prevention Technology claim that Beijing's previous publications on the matter saw over 50 cyber security experts contact it to share their belief that US authorities and Microsoft lacked evidence to associate Volt Typhoon with China.
But the document doesn't disclose the identity of those experts, nor the basis for their analysis.
The document does go over a lot of old ground, detailing known US capabilities and efforts – such as Section 702 warrantless surveillance of foreigners. It also points out that the US ran the PRISM data collection program, and the National Security Agency's Office of Tailored Access Operation spyware operations – both exposed by Edward Snowden in 2013. The Marble framework used by the CIA to obfuscate its cyber-ops, revealed by Wikileaks in 2017, is also mentioned.
The abovementioned activities and tools, CVERC argues, are just the sort of thing of which Volt Typhoon has been accused. Volt Typhoon is therefore American and China's involvement is made up. QED.
- US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants
- Beijing's attack gang Volt Typhoon was a false flag inside job conspiracy: China
- Chinese cyberspies reportedly breached Verizon, AT&T, Lumen
- Chinese spies spent months inside aerospace engineering firm's network via legacy IT
Another passage that caught The Register's eye suggests that analysis of online attacks follows a certain pattern:
The authors may have a point about Orientalism being a factor in infosec reporting.
But they're well off the mark criticizing koalas, as the marsupial's name is derived from the language of Australia's Dharug people and is not Anglo-Saxon at all. Further, koalas are almost entirely placid and spend most of their lives sleeping or chewing leaves. They're a terrible metaphor for anything other than languor - as are pandas.
The document ends with a call for international collaboration in infosec, and for vendors to "focus on counter-cyber threat technology research and better products and services for users."
That last point may be fair enough, given recent woes at Microsoft and CrowdStrike.
The Register eagerly awaits the next volume in this series, which will surely accuse the US of also running the Salt Typhoon group accused of infiltrating US ISPs at Beijing's behest. ®