China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it

Enough with the racist-sounding 'dragons' and 'pandas', Beijing complains – then points the finger at koalas

Chinese authorities have published another set of allegations that assert the Volt Typhoon cyber-crew is an invention of the US and its allies, and not a crew run by Beijing.

Published on Monday in five languages, a document titled "Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies" largely revisits the content of a similar document published in July.

Volt Typhoon is accused by Five Eyes nations of being a Beijing-backed team that targets American networks and critical infrastructure.

In its latest document, China's National Computer Virus Emergency Response Center (CVERC) and National Engineering Laboratory for Computer Virus Prevention Technology claim that Beijing's previous publications on the matter saw over 50 cybersecurity experts contact it to share their belief that US authorities and Microsoft lacked evidence to associate Volt Typhoon with China.

But the document doesn't disclose the identity of those experts, nor the basis for their analysis.

The document does go over a lot of old ground, detailing known US capabilities and efforts – such as Section 702 warrantless surveillance of foreigners. It also points out that the US ran the PRISM data collection program, and the National Security Agency's Office of Tailored Access Operations spyware operations – both exposed by Edward Snowden in 2013. The Marble framework used by the CIA to obfuscate its cyber-ops, revealed by WikiLeaks in 2017, is also mentioned.

The abovementioned activities and tools, CVERC argues, are just the sort of thing of which Volt Typhoon has been accused. Volt Typhoon is therefore American and China's involvement is made up. QED.

Another passage that caught The Register's eye suggests that analysis of online attacks follows a certain pattern:

To cater to US politicians, government bodies and intelligence agencies, some US companies, such as Microsoft and CrowdStrike, for their commercial interest and without sufficient evidence and rigorous technical analysis, have been keen on coining various absurd code names with obvious geopolitical overtones for cyber-spy groups, such as 'typhoon', 'panda', and 'dragon' instead of 'Anglo-Saxon' 'hurricane', and 'koala'.

The authors may have a point about Orientalism being a factor in infosec reporting.

But they're well off the mark criticizing koalas, as the marsupial's name is derived from the language of Australia's Dharug people and is not Anglo-Saxon at all. Further, koalas are almost entirely placid and spend most of their lives sleeping or chewing leaves. They're a terrible metaphor for anything other than languor - as are pandas.

The document ends with a call for international collaboration in infosec, and for vendors to "focus on counter-cyber threat technology research and better products and services for users."

That last point may be fair enough, given recent woes at Microsoft and CrowdStrike.

The Register eagerly awaits the next volume in this series, which will surely accuse Washington of also running the Salt Typhoon group accused of infiltrating US ISPs at Beijing's behest. ®
