Volt Typhoon and Salt Typhoon: A new generation of hackers smarter than traditional security systems
In recent months, it has become increasingly clear that the cyber threats posed by Chinese hacking groups Volt Typhoon and Salt Typhoon go far beyond espionage targeting government entities. These attacks are not about stealing data — they are about infiltration. Slow, stealthy, and strategically calculated. The objective is to establish persistent access to critical infrastructure systems, which can later be used as leverage against entire industries and even nation-states.While the majority of activity has so far been recorded in the United States, other countries — particularly members of the Five Eyes intelligence alliance, including the UK and several European nations — are also at risk. Volt Typhoon has already breached power grids, transportation networks, water systems, and communications infrastructure, while Salt Typhoon is focused on telecommunications, a globally vital sector. If your company has any connection to these industries, consider yourself a potential target.
Modern business operates in an interconnected ecosystem, where an attack on one country can ripple through the global supply chain. U.S.-based companies that have been targeted often maintain offices and suppliers in Europe and Asia. With its vast cyber capabilities and a strategic interest in undermining international intelligence-sharing networks, China is logically extending its cyber operations worldwide. Similar tactics were observed in the Flax Typhoon campaign against Taiwan. The question is no longer if such intrusions will reach Europe — but whether anyone is prepared for them.
State-sponsored groups aren’t chasing ransomware payouts or quick profit. Their focus is on control, stealth, and influence. They look for vulnerabilities not just to exploit them, but to maintain long-term strategic presence, especially in sectors like energy, transportation, water, education, and telecommunications. The consequences of a successful attack could be catastrophic — from disrupted water supplies to power outages and communications breakdowns.
Yet, many organizations still fail to treat cybersecurity as a strategic imperative. At the board level, it’s too often seen as an internal IT issue, not a systemic risk. However, even third-party vendors and contractors supporting critical infrastructure must now prioritize the resilience of their systems — or risk opening the door to hostile interference.
It’s important to note: despite growing discussions around AI-based cyber threats, both Volt Typhoon and Salt Typhoon currently operate using traditional methods — exploiting known vulnerabilities and moving through systems methodically, often with greater efficiency than corporate security teams can respond to. That said, China is rapidly incorporating automation, data analytics, and process acceleration into its operations. Even without “next-gen” viruses, attackers are already outpacing most companies’ ability to react.
The situation is worsened by weak technical defenses. Classic tools like antivirus software, firewalls, and intrusion detection systems are no longer enough. The main vulnerability today is a lack of visibility and transparency within networks — especially in IoT devices, industrial control systems, and network infrastructure, which often don’t support conventional security tools. This gives attackers nearly complete freedom to infiltrate, remain, and move laterally inside a system — undetected.
Volt Typhoon is notorious for employing a “living off the land” tactic — where malicious activity is disguised as normal system behavior, making it virtually invisible to traditional security solutions. The only effective countermeasure is constant real-time network monitoring, anomaly detection, and the integration of threat intelligence. Relying on perimeter defenses alone is a losing strategy.
Organizations involved in critical infrastructure must recognize that cyber resilience today is as vital as financial stability. It's not just about protecting against future threats — it’s about acknowledging that a breach may have already occurred and being ready to act. This includes tightening supply chain controls, participating in threat intelligence-sharing programs, conducting continuous employee training, and running attack simulation drills. Only a proactive approach offers a real chance of withstanding these threats.
We are just beginning to understand the scope of Salt Typhoon’s campaign and the vulnerabilities it has exposed. But one thing is clear: this is not a regional issue — it is a front in a global cyber war, where the stakes are national security and economic resilience. In a world where companies manage tens or hundreds of thousands of connected devices, cutting-edge monitoring technology is essential. Without it, there’s no stopping the attacks that have already begun — but remain unseen.
