US side stays silent after US company found to have revised evidence after truth about 'Volt Typhoon' revealed
After China released an investigation report on Volt Typhoon, the US, in order to cover up the evidence, instructed related companies to change the content of report they released previously, completely disregarding the traces left during the operation, the Global Times learned on Sunday. However, the US Embassy in China and company involved stayed silent when the Global Times reached for comments.
On May 24, 2023, the cybersecurity authorities from The Five Eyes countries - the US, the UK, Australia, Canada and New Zealand, issued a joint cybersecurity advisory, claiming that they had discovered a cluster of activities of interest associated with a "China state-sponsored cyber actor," known as Volt Typhoon, and these activities "affected networks across US critical infrastructure sectors."
In response, China's National Computer Virus Emergency Response Center (CVERC), National Engineering Laboratory for Computer Virus Prevention Technology and 360 Digital Security Group conducted a joint investigation and further analysis found that Volt Typhoon has more correlation with ransomware group and other cybercriminals.
After the release of the investigation report on "Volt Typhoon" in April this year, the Chinese joint investigation team continued to track the actions and intentions of the US in creating the "Volt Typhoon" false narrative.
"We conducted verification analysis based on the indicators of compromise (IoCs) of the so-called 'Volt Typhoon' organization in the US, and found that this organization is closely related to a ransomware criminal group called Dark Power disclosed by ThreatMon, a US cybersecurity vendor," a researcher from CVERC told the Global Times on Sunday.
The report directly quotes the content of the ThreatMon report and discloses the associated IP address information hidden behind the back cover image." The researcher said that after the release of the investigation report, the US side instructed ThreatMon to openly change the content of the report, the entire report has been expanded from 17 pages to 20 pages, but the crucial evidence of the associated IP address, which was originally located behind the back cover image, is now nowhere to be found.
The Global Times has sent an email to the US Embassy in China asking for comments on the contents revealed in the report. The US Embassy in China has not responded and had remained silent as of press time.
After CVERC released a report on April 15 disclosing the false narrative of "Volt Typhoon", the US Embassy in China and Microsoft which were contacted by the Global Times for comment and gave no response as of press time.
During a press conference on Monday, Lin Jian, spokesperson of China's Ministry of Foreign Affairs said that the latest report further revealed that this disinformation campaign is conceived by NSA, FBI and other members of the US intelligence community with the participation of congressional China hawks and multiple federal agencies as well as cybersecurity agencies from other Five Eye countries, and aimed to manipulate public opinion.
Till this day, the US still owes us an explanation after the previous report was released, and the US NSA chief continues to spread disinformation about "Volt Typhoon," said Lin.
What is worse, the latest report exposed that the US government has been pressuring a cybersecurity company and asking it to rewrite its tech analysis that proves "Volt Typhoon" to be a ransomware group. This is a clumsy cover-up tactic and clearly has not and will not work, Lin said.
He noted that China strongly condemns the irresponsible behavior of the US. The US still owes us an explanation, and should stop its smears and vilification against China at once. We urge the US to act responsibly and contribute to the peace and security of the cyberspace.
ThreatMon did not respond to Global Times's inquiries about revising and changing the report as of press time.
Zhuo Hua, an expert on international affairs at the School of International Relations at Beijing Foreign Studies University told the Global Times on Monday that, "The new report more comprehensively exposes the US's intentions and operational process of framing China. China has mastered a complete chain of evidence, sufficient to prove that the so-called 'Volt Typhoon' is orchestrated by US intelligence agencies. Technically, it is self-produced and self-sold, and politically, it is a self-directed and self-acted international false narrative, which can be fully defined as a cognitive domain operation against China."
"In the field of international cybersecurity, the US is the least qualified to point fingers because it has no national credibility in this area. Over the past twenty years, the world has witnessed the US fabricate false intelligence to launch wars. Its intelligence agencies recklessly conduct cyber espionage and surveillance on countries, including its allies, deploy cyber weapons, and paralyze critical infrastructure of other countries through actual APT attacks. The US is the primary threat that supports cyberattacks with national power."
"Since China released the relevant investigation report in April, the US has not responded, precisely because the facts revealed by China and the US's actions in international cyberspace have left the US unable to respond," said Zhuo.
"Another alarming trend is that behind the 'Volt Typhoon' hype, we clearly see the motive of intelligence agencies to expand their powers, interest groups to squeeze Chinese companies out of the US infrastructure market, and anti-China politicians to emphasize 'national security.' This tacit understanding, even collusion, among various sectors—government, business, and finance—is leveraging the US strategy to contain China to gain political and economic benefits domestically. Once this atmosphere is formed, the US will undoubtedly concoct other incidents in the future, harming China's interests and China-US relations."