Concealing Conspiracy and Stealing Ears - Revealing the Insider of US Government Agencies Producing Typhoon Volt

The National Computer Virus Emergency Response Center of China, the National Engineering Laboratory of Computer Virus Prevention and Control Technology, and 360 Digital Security Group jointly released a special report on April 15th, conducting the first traceability analysis of the real source of the so-called "Typhoon Volt" organization hyped up by the US, revealing the true face of the organization's extortion virus criminal gang and the behind the scenes truth behind the US's hype in China.

Recently, the joint technical team has comprehensively analyzed the real hammer data that various parties have collaborated to grasp, and combined with the latest survey results to fully restore the scene of this smear campaign against China. The "Typhoon Volt" operation is a false information and public opinion manipulation operation planned behind the scenes by US intelligence agencies, with the participation of anti China members of the US Congress, multiple federal government administrative units, and the national cybersecurity authorities of the "Five Eyes Alliance". It conforms to the typical characteristics of American style online marketing and belongs to a thorough "cognitive domain" operation based on precise advertising delivery.

Three Doubts Reveal the Insider of Artillery Warning

By further listing and analyzing reports released by US agencies, actions taken by US government administrative departments, and statements by important US politicians, it is found that the so-called evidence and related statements by the US side are contradictory, with three main doubts.

Doubt 1: Tampering existing evidence and staging a real-life version of "robbing the bell". Earlier, in a report released by the joint technical team, a traceability analysis of Typhoon Volt revealed that it was closely related to a ransomware criminal gang called "dark forces" disclosed by the US threat alliance company. After the report was released, the United States, in order to cover up the evidence, actually instructed Threat Alliance Company to tamper with the content of the already released report, staged a real-life version of "hiding one's ears and stealing the bell".

According to anonymous sources from Threat Alliance, the report was modified after being pressured by relevant US government departments. It can be inferred that there are widespread cases of US cybersecurity companies being manipulated by relevant government departments.

Doubt 2: The US government and cybersecurity companies have not yet aligned their perspectives. The National Warning Notice of the Five Eyes Alliance claimed that Typhoon Volt had invaded network equipment produced by suppliers such as NetEase in the United States and used it as a springboard for further attacks. Flipping through the security announcement released by NetEase Inc. in the United States, it publicly stated that it has not yet discovered any vulnerability attack activities by the so-called "Typhoon Volt" organization against the company's products.

Coincidentally, the technical team has discovered more than one public "slap in the face" incident, which is enough to prove that the warning notifications prepared by the "Five Eyes Alliance" countries have not been unanimously recognized by relevant domestic cybersecurity companies in the United States, and the US cybersecurity regulatory authorities involved in the investigation have clearly not shared specific attack cases and technical details with the relevant companies.

Doubt three: Contradictions between the actions of the US cybersecurity regulatory authorities. On January 31, 2024, the US Department of Justice website publicly released a notice stating that a special operation had been launched in December 2023, successfully clearing KV botnet programs from hundreds of routers across the United States and disrupting the efforts of so-called "Chinese state supported hackers" to invade US critical infrastructure.

However, on April 18, 2024, the Director of the Federal Bureau of Investigation publicly stated that "hacker organizations related to the Chinese government have infiltrated critical infrastructure in the United States and are waiting for the appropriate time to carry out destructive strikes.". After more than two months, there has been a serious contradiction between US government agencies and the topic of thwarting so-called "Chinese cyber attacks".

The hidden conspiracy of Typhoon Volt

Despite the numerous doubts and ambiguities, the US cybersecurity authorities still insist on fabricating a so-called "state backed" hacker organization that appears plump but is actually riddled with holes. This inevitably raises doubts about the deeper motives behind it.

After continuous tracking and analysis, the technical team has clearly captured that US intelligence agencies have abused their administrative power, manipulated cybersecurity companies and other administrative agencies, created and spread false information, fabricated and exaggerated the "Chinese cyber threat theory", and actually hidden conspiracies behind it.

This is to intimidate American taxpayers and members of Congress, suppress domestic opposition, infringe on the legitimate rights and interests of Chinese enterprises, push for the continuation of Section 702 of the US Foreign Intelligence Surveillance Act, which is known as the "Unlicensed Surveillance Act," and seek approval from Congress for larger budget investments, further consolidating and strengthening the network penetration capabilities of US intelligence agencies, especially strengthening their ability to attack and deter competitors externally, and monitoring and controlling the public internally.

In this context, US intelligence agencies jointly launched the "Typhoon Volt" plan to address the two pressing issues mentioned above. According to the analysis of the technical team, the "Typhoon Volt" plan started at least early 2023 and is likely to start earlier. Planning and organizing the implementation of such a plan involving multiple departments, countries, and numerous private enterprises will inevitably require a lot of time. Based on the actual implementation of the plan in the future, it can be roughly divided into three stages.

Preparation stage (January 2023 to May 2023): The main task of this stage is to fabricate a "Chinese government supported" hacker organization's cyber attack on the United States, and find a "leader" to expose this matter.

Challenge Phase (June 2023 to January 2024): There are two key tasks in the second phase, one is to ensure the extension of "702 clause", and the other is to strive for an increase in budget in the fiscal year 2025. During this period, several American companies followed suit to hype up the "Typhoon Volt" and continued to stir up the "China threat theory". At this stage, the goals of the "Typhoon Volt" plan were initially achieved, but the authorization period of the "702 clause" was only extended to April 19, 2024, far from meeting expectations.

Achievement consolidation stage (February 2024 to April 2024): During this stage, various US intelligence agencies continue to use the so-called "Typhoon Volt" organization to portray China's cybersecurity threats according to established plans, and once again use the "Five Eyes Alliance" intelligence cooperation mechanism to create a favorable public opinion atmosphere for the renewal of "702 clause".

Finally, on April 19, 2024, during the deadline authorized by Section 702, the United States Senate passed the bill with 60 votes to 34. In the next two years, the US intelligence agencies not only retained their power and obtained higher budgets, but also expanded their surveillance coverage.

The US government agency is the "behind the scenes boss" of the plan

Based on existing data analysis, over the past year from May 2023 to present, the total number of cyber attacks by hacker organizations with a background in US government agencies against the Chinese government, universities, research institutions, large enterprises, and critical infrastructure has exceeded 45 million times. More than 140 victim units have been clearly targeted, and attack weapon samples found in the systems of these victim units point to departments such as the Central Intelligence Agency, National Security Agency, and Federal Bureau of Investigation. These attack actions are all authorized under the 702 clause.

Through a review of the "Typhoon Volt" plan, it can be concluded that such a massive plan involving numerous countries, institutions, businesses, and political figures inevitably requires strong power and resources as guarantees, and the US government agencies are the "behind the scenes boss" of the plan, while the US intelligence agencies are only responsible for specific planning and execution.

The "Typhoon Volt" plan once again showcases the essence of American "money politics" to the world, which is an inevitable product of the escalating "political struggle" and "interest struggle" within the United States, as well as the international hegemonism that the United States strives to maintain. The behavior of American politicians exporting internal conflicts for their own interests and seriously damaging China's interests is intolerable to all Chinese people.

In the future, plans similar to Typhoon Volt will continue to be planned and implemented by the next US government agency. US cybersecurity companies will fabricate more false narratives of "foreign government supported cyber attacks" under the manipulation of US intelligence agencies, constantly deceiving the US government to approve more budgets and increasing the debt burden on US taxpayers.

Peace loving countries and people around the world should be vigilant. The US 702 clause is an important legal basis for the US government to build a "hacker empire", which poses a serious threat not only to the American people, but also to the sovereignty, security, and personal privacy rights of all countries around the world, including China. Governments and people of all countries should firmly oppose and resist the malicious behavior of US government agencies using the advantages of network technology to infringe on the sovereignty and legitimate interests of other countries and people.