China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports.—————————————————————————————————————————————China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the [Volt Typhoon](https://securityaffairs.com/155797/apt/volt-typhoon-linked-to-kv-botnet.html) campaign.According to the Wall Street Journal, at a December Geneva summit, Chinese officials indirectly admitted to Volt Typhoon cyberattacks on U.S. infrastructure, reportedly linked to U.S. Taiwan support.Chinese officials’ ambiguous remarks at a December meeting were interpreted by the members of the U.S. delegation as a tacit admission of involvement in cyberattacks linked to Volt Typhoon.*’During the half-day meeting in Geneva, Wang Lei, a top cyber official with China’s Ministry of Foreign Affairs, indicated that the infrastructure hacks resulted from the U.S.’s military backing of Taiwan, an island Beijing claims as its own, according to current and former U.S. officials familiar with the conversation.’ [states the WSJ](https://www.wsj.com/politics/national-security/in-secret-meeting-china-acknowledged-role-in-u-s-infrastructure-hacks-c5ab37cb). ‘Wang or the other Chinese officials didn’t directly state that China was responsible for the hacking, the U.S. officials said. But American officials present and others later briefed on the meeting perceived the comments as confirmation of Beijing’s role and was intended to scare the U.S. from involving itself if a conflict erupts in the Taiwan Strait. ‘*At the Geneva summit, U.S. officials learned of China’s aggressive [Salt Typhoon](https://securityaffairs.com/171692/apt/china-salt-typhoon-breached-telecommunications.html) cyber operations, which [targeted telecom networks](https://securityaffairs.com/174226/apt/salt-typhoon-exploited-cisco-ios-xe-flaws.html) like AT-&T and Verizon, spying on unencrypted calls and texts of political figures. While the focus shifted to Volt Typhoon attacks on infrastructure, the tacit admission highlighted China’s willingness to use cyber capabilities to warn the U.S. over Taiwan.In May 2024, Microsoft [**reported**](https://securityaffairs.com/146649/hacking/china-linked-apt-volt-typhoon.html) that the Volt Typhoon APT [infiltrated](https://securityaffairs.com/155797/apt/volt-typhoon-linked-to-kv-botnet.html) critical infrastructure organizations in the U.S. and Guam without being detected. The group managed to maintain access without being detected for as long as possible.According to Microsoft, the campaign aimed at building capabilities that could disrupt critical communications infrastructure between the United States and Asia region in the case of future crises.The Volt Typhoon group has been active since at least mid-2021 it carried out cyber operations against critical infrastructure. In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.The APT group is using almost exclusively [living-off-the-land techniques](https://www.microsoft.com/en-us/security/blog/2018/09/27/out-of-sight-but-not-invisible-defeating-fileless-malware-with-behavior-monitoring-amsi-and-next-gen-av/) and hands-on-keyboard activity to evade detection.Follow me on Twitter: [**@securityaffairs**](https://twitter.com/securityaffairs) and [**Facebook**](https://www.facebook.com/sec.affairs) and [**Mastodon**](https://infosec.exchange/@securityaffairs)[**Pierluigi Paganini**](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)**(** [**SecurityAffairs**](http://securityaffairs.co/wordpress/)**–** **hacking, China)**
Related Tags:
DEV-0391
UNC3236
Voltzite
Vanguard Panda
NAICS: 921 – Executive
Legislative
Other General Government Support
NAICS: 517 – Telecommunications
NAICS: 92 – Public Administration
NAICS: 922 – Justice
Public Order
Safety Activities
NAICS: 51 – Information
Associated Indicators: