The United States government and intelligence agencies carried out a false flag operation for misleading and insulting other countries and planted backdoor malware into U.S.-made IT devices to penetrate the network infrastructure of other countries, according to an investigation report released by Chinese cybersecurity agencies on Monday.<\/p>\n
We decided to publish this report for the purpose of further disclosure of the cyber espionage operations targeting China, Germany and other countries, which were launched by the U.S. government, intelligence agencies and Five Eyes countries,\u201d reads the report jointly released by China\u2019s National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology.<\/p>\n
Titled \u201cVolt Typhoon III: A Cyber Espionage and Disinformation Campaign Conducted by U.S. Government Agencies,\u201d the third report on the issue slams operation \u201cVolt Typhoon\u201d as a political farce staged by the U.S. government. It says that the U.S. government agencies, mainstream media and technology giant Microsoft have remained silent about the previous two\u00a0reports released in April and July, and only former U.S. intelligence official Robert Edward Joyce and some cybersecurity firms have tried to argue and deny the findings, but avoided mentioning what was disclosed in them in an attempt to \u201cdistort facts.\u201d<\/p>\n
In February, a joint advisory by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) described \u201cVolt Typhoon\u201d as a Chinese state-sponsored actor that has allegedly compromised and maintains persistent access to critical U.S. infrastructure. On its official website, Microsoft claimed \u201cVolt Typhoon\u201d has been active since mid-2021 and typically focuses on espionage and information gathering.<\/p>\n
According to Chinese cybersecurity agencies, over 50 cyber security experts from the U.S., Europe, Asia and other countries and regions agree that the U.S. government and Microsoft have linked \u201cVolt Typhoon\u201d to the Chinese government without any concrete evidence, also expressing concern about the U.S. government\u2019s fabrication of \u201cVolt Typhoon.\u201d<\/p>\n
The report explains how the U.S. maintains a \u201cDefend Forward\u201d strategy in cyberspace and has implemented \u201cHunt Forward\u201d operations for deploying cyber-warfare forces surrounding adversary countries to conduct close-in reconnaissance and network penetration.
The investigation found that U.S. intelligence agencies have developed a customized stealth \u201ctoolkit\u201d codenamed \u201cMarble\u201d to cover up their Computer Network Exploitation (CNE) operation, mislead attribution analysis and place blame on other countries.<\/p>\n
The report argues that the \u201ctoolkit\u201d is a framework that can be integrated with other cyber weapons development projects, assisting developers to obfuscate various identifiable strings in program code, effectively \u201cerasing\u201d the \u201cfingerprints\u201d of cyber weapons developers, which is similar to changing the \u201crifling\u201d of \u201cfirearms,\u201d making it technically impossible to attribute the true source of cyber weapons technically.<\/p>\n
In addition, the investigation found the \u201cMarble\u201d framework also has a \u201cdirty\u201d feature, which is the ability to insert strings in other languages at will, such as Chinese, Russian, Korean, Persian and Arabic. \u201cThis is clearly intended to mislead investigators and defame China, Russia, North Korea, Iran and Arab countries,\u201d the report adds.<\/p>\n
This kind of false flag operation is not limited to coding, but also includes imitating the tactics, techniques and procedures (TTPs) of cybercrime groups. Therefore, hackers working for U.S. cyber forces and intelligence agencies can disguise themselves like \u201cchameleons\u201d in cyberspace, pretending to be located in other countries to carry out cyberattacks and espionage around the world.<\/p>\n
The false flag operation is actually an important component of the U.S. intelligence agency\u2019s \u201cEFFECTS Operation,\u201d known as the \u201cOnline Covert Action\u201d in the United Kingdom. The internal documents of the U.S. and \u201cFive Eyes Alliance\u201d clearly indicate that the implementation of this \u201cEFFECTS Operation\u201d must adhere to the \u201c4D principle\u201d \u2013 deny, disrupt, degrade and deceive. And these four main principles precisely cover all the core elements of the \u201cVolt Typhoon\u201d operation.<\/p>\n
In its second edition, published in July, the report by\u00a0Chinese cybersecurity agencies had disclosed that U.S. government agencies \u2013 and intelligence agencies in particular \u2013 have been fabricating cyber threats abroad, conducting misinformation operations in the context of Section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA), often referred to as the \u201cwarrantless surveillance act.\u201d The latest report provides new details on the surveillance programs.<\/p>\n
It suggests that advanced U.S. internet infrastructure has controlled key internet \u201cchoke points\u201d and there are at least seven access sites for tapping and with coverage of all submarine optical cables from the Atlantic to the Pacific Oceans.<\/p>\n
The NSA has launched two relevant projects, \u201cUpStream\u201d and \u201cPrism.\u201d \u201cUpStream\u201d was designed to store all raw data intercepted from submarine optical cables and to build a huge \u201cdata reservoir\u201d for subsequent processing. \u201cPrism\u201d would decode the data and categorize them\u00a0by\u00a0many different internet applications, then try to recover the content of communications.<\/p>\n
Both projects were authorized by Section 702 of FISA, which has provided the legal basis for spying on the internet globally, according to the latest report, which also notes that many of the spyware programs\u2019 command and control centers are located in U.S. overseas military bases, including Japan, South Korea, Guam and Hawaii.<\/p>\n
That explains why Guam, a U.S.-controlled territory in the Pacific Ocean, is believed to be the original source of the \u201cVolt Typhoon\u201d false narrative created by the U.S. government. So, the U.S. military infrastructure in Guam is not a \u201cvictim\u201d but the command and control center that attacks China and many Southeast Asian countries.<\/p>\n
Through the authorization of Section 702, the U.S. has established a large-scale global internet surveillance network, extending operations against France, Germany, Japan and even its own citizens involved in \u201cBlack Lives Matter\u201d and \u201cOccupy Wall Street\u201d protests.<\/p>\n
Previous two reports by Chinese cybersecurity agencies on \u201cVolt Typhoon\u201d said that Microsoft increased its cooperation with the U.S. military and intelligence agencies, and that cooperation has intensified in 2024.<\/p>\n
The U.S. technology giant provided offline versions of its artificial intelligence models and assistance to U.S. intelligence agencies, where they were used to help analyze highly classified intelligence information, according to Bloomberg\u2019s report on May 7.<\/p>\n
The same month, Microsoft released a new AI solution and introduced the \u201cRecall\u201d feature, which allows the Windows operating system to record every action taken by the user and provide it to the AI assistant for learning. In June, OpenAI, a company partnered with Microsoft,\u00a0welcomed former NSA Director Paul Nakasone as a member of its board of directors.
\u201cAs an important partner in the Section 702 wiretap programs, Microsoft is increasingly influenced and manipulated by U.S. intelligence agencies,\u201d\u00a0the latest report says. \u201cIn return, it could be said that the U.S. government agencies have given the green light to Microsoft\u2019s abuse of its dominant position in the market and its use of Windows and Office updates to bundle and push software products in a way that could be perceived as a disguised form of monopoly.\u201d<\/p>\n
The report\u00a0also reiterates that China has consistently opposed the political interference in technical investigations into cybersecurity incidents and the politicizing of the issue of cyberattack attribution, urging extensive international collaboration in cybersecurity.<\/p>\n
The report also revisits the former two editions: \u201cVolt Typhoon: A Conspiratorial Swindling Campaign Targeting U.S. Congress and Taxpayers Conducted by U.S. Intelligence Community\u201d and \u201cVolt Typhoon II: A Secret Disinformation Campaign Targeting U.S. Congress and Taxpayers Conducted by U.S.<\/p>\n
Government Agencies,\u201d concluding that Washington\u2019s narrative about the campaign was designed to protect the warrant-less snooping powers on massive surveillance globally, and the political and economic benefits of the group of stakeholders.<\/p>","protected":false},"excerpt":{"rendered":"
The United States government and intelligence agencies carried out a false flag operation for misleading and insulting other countries and planted backdoor malware into U.S.-made IT devices to penetrate the network infrastructure of other countries, according to an investigation report released by Chinese cybersecurity agencies on Monday. We decided to publish this report for the […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-99343","post","type-post","status-publish","format-standard","hentry","category-uncategorized","entry"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts\/99343","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/comments?post=99343"}],"version-history":[{"count":0,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/posts\/99343\/revisions"}],"wp:attachment":[{"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/media?parent=99343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/categories?post=99343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chezaspin.com\/blog\/wp-json\/wp\/v2\/tags?post=99343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}