When “Volt Typhoon” Blows Over: Cases of China’s Offensive Cyber Operation
Are China’s threat campaigns in preparing and pre-positioning for potential offensive activity really “a new interest”?

Last Wednesday, January 31, a press release from the United States Department of Justice stated that the US government had taken down a botnet used by Volt Typhoon, a Chinese state-sponsored advanced persistent threat (APT) group targeting US critical infrastructure. In testimony before a committee of the US House of Representatives, FBI Director Chris Wray warned “Chinese government hackers are busily targeting water treatment plants, the electrical grid, transportation systems and other critical infrastructure inside the US,” … “in preparation to wreak havoc and cause real-world harm to American citizens and communities…”
The state-backed Chinese threat group Volt Typhoon first came to public attention in May 2023 when Microsoft reported the group’s “stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the US.” Microsoft assessed the “Volt Typhoon c…


