October 15, 2024 at 04:54AM
China’s CVERC claims the Volt Typhoon cyber threat is a U.S. fabrication, alleging U.S. cyber espionage against multiple countries. They assert there’s strong evidence of U.S. false flag operations and misuse of technology to mislead investigations. The report calls for international collaboration on cybersecurity and counter-threat technology.
**Meeting Takeaways:**
1. **CVERC’s Position on Volt Typhoon:**
– China’s National Computer Virus Emergency Response Center (CVERC) claims that the threat actor “Volt Typhoon” is a U.S.-fabricated entity intended to mislead.
2. **Accusations Against the U.S.:**
– CVERC accuses the U.S. and its allies of engaging in cyber espionage targeting multiple countries, including China, France, Germany, and Japan.
– Claims of “ironclad evidence” are presented, alleging that the U.S. conducts false flag operations to disguise its own cyber attacks.
3. **Volt Typhoon’s Alleged Activities:**
– Volt Typhoon is identified as a China-associated cyber espionage group active since 2019, reportedly infiltrating critical infrastructure by compromising edge devices.
4. **Recent Actions Linked to Volt Typhoon:**
– The group was connected to a zero-day exploit affecting Versa Director, facilitating credential theft and executing arbitrary code.
5. **Patterns in Cyber Intrusion:**
– Evidence indicates a pattern of using edge devices as Operational Relay Boxes (ORBs) to avoid detection in attack campaigns attributed to Chinese threat actors.
6. **Expert Concerns and U.S. Toolkit:**
– Over 50 international security experts reportedly expressed concerns to CVERC regarding the so-called U.S. false narrative on Volt Typhoon.
– CVERC claims the existence of a U.S. toolkit (Marble) designed to obscure attribution of cyber attacks by inserting misleading language strings.
7. **U.S. Surveillance Allegations:**
– The report accuses the U.S. of using its technological and geographic advantages for global internet surveillance through control over trans-oceanic fiber optic cables.
8. **Geopolitical Naming Practices:**
– CVERC criticizes cybersecurity companies for using names with geopolitical implications for threat groups, highlighting names like “typhoon,” “panda,” and “dragon.”
9. **Call for International Collaboration:**
– The report concludes with a call for greater international cooperation in cybersecurity and better focus on the development of counter-cyber threat technologies.
These takeaways capture the critical points from the meeting notes regarding the ongoing cyber espionage allegations and the geopolitical dynamics at play.