People’s Republic of China (PRC) State-Sponsored Volt Typhoon Identified by CISA as Cyber Threat Actor

Blue World Map on Computer Screen

People’s Republic of China (PRC) State-Sponsored Volt Typhoon Identified by CISA as Cyber Threat Actor

The Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA) on February 7, 2024 to alert critical infrastructure organizations about impending cyber attacks from Chinese state-sponsored cyber groups, most notably Volt Typhoon. These groups have infiltrated the IT environments of several organizations focused on communications, energy, transportation, water, and wastewater systems. Their behavior on these networks is indicative of prepping for an attack on OT (operational technology) assets. An attack of this nature could disrupt machines, sensors, and control systems needed to maintain U.S. critical infrastructure.

Several recommendations have been issued for organizations effected by Volt Typhoon, and other similar state-sponsored cyber groups. A key first step is to ensure all vulnerabilities are identified and products are patched accordingly. Fortinet, Ivanti, NETGEAR, Citrix, and Cisco Devices are just some of the products that have been exploited in the past. Additionally, organizations should consider implementing multi-factor authentication for all accounts and providing cyber security training for users (Arctic Wolf). Finally, organizations should maintain logs and prepare in advance for necessary technology changes and updates (CISA).

Date of event: February 7, 2024


  • At least 30% of Cisco RV320/325 Devices were compromised (Security Scorecard)
  • Volt Typhoon has infiltrated Australia, Canada, the United Kingdom, and previously caused disruptions among African nations.  (Barracuda)
  • This infiltration creates the potential to cripple U.S. computer systems and can be weaponized in a time of conflict (Newsweek)

Related Resources: 

HSDL Featured Topics: Cyber Crime and National Security | Cyber Infrastructure Protection | Ransomware

HSDL Search: Cyber Attacks | National Security Intelligence Gathering

Scroll to Top