• Cyber Syrup
  • Posts
  • China Acknowledges Volt Typhoon Cyberattacks in Private U.S. Meeting

China Acknowledges Volt Typhoon Cyberattacks in Private U.S. Meeting

A previously undisclosed diplomatic exchange between U.S. and Chinese officials has shed light on China’s role in a major cyber campaign known as Volt Typhoon

April 14, 2025

In partnership with

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Find out why 1M+ professionals read Superhuman AI daily.

In 2 years you will be working for AI

Or an AI will be working for you

Here's how you can future-proof yourself:

  1. Join the Superhuman AI newsletter – read by 1M+ people at top companies

  2. Master AI tools, tutorials, and news in just 3 minutes a day

  3. Become 10X more productive using AI

Join 1,000,000+ pros at companies like Google, Meta, and Amazon that are using AI to get ahead.

China Acknowledges Volt Typhoon Cyberattacks in Private U.S. Meeting

A previously undisclosed diplomatic exchange between U.S. and Chinese officials has shed light on China’s role in a major cyber campaign known as Volt Typhoon. According to a report by The Wall Street Journal, Chinese officials implicitly admitted to carrying out cyberattacks targeting U.S. critical infrastructure during a closed-door meeting in Geneva held in December 2024.

Background: A Meeting of Strategic Importance

The meeting took place during a Geneva summit and included representatives from the Biden administration. Though Chinese officials did not issue a direct confession, sources familiar with the meeting described their statements as “indirect and somewhat ambiguous.”

However, U.S. officials interpreted the remarks as a tacit admission that China was behind the Volt Typhoon campaign, viewing the attacks as a warning or deterrent against U.S. support for Taiwan in a potential conflict scenario.

The core takeaway for the U.S. delegation was that the cyberattacks were intended to send a message and dissuade Washington from escalating its involvement in Taiwan-related matters.

Volt Typhoon: A Strategic Cyber Threat

First uncovered in 2023, Volt Typhoon is a state-sponsored Chinese cyber campaign that targeted a wide swath of U.S. critical infrastructure. The attackers used zero-day vulnerabilities and advanced persistent threat (APT) techniques to infiltrate and remain undetected in their targets for extended periods.

Affected Sectors Included:

  • Telecommunications

  • Energy and Electric Utilities

  • Transportation

  • Government Agencies

  • Information Technology

  • Manufacturing and Construction

  • Maritime Operations

Of particular concern was the revelation that Volt Typhoon actors had managed to remain embedded within parts of the U.S. electric grid for over 300 days in 2023, posing a significant risk to national security and operational continuity.

Salt Typhoon Also Discussed, but Seen Differently

During the Geneva discussions, U.S. officials also raised concerns about a separate campaign known as Salt Typhoon, another cyberespionage effort attributed to China. This campaign had compromised communications of several high-ranking U.S. officials, including access to phone calls and text messages.

However, unlike Volt Typhoon—which is viewed as a provocative and aggressive act targeting infrastructure—Salt Typhoon falls within the realm of traditional cyber espionage. U.S. intelligence agencies reportedly consider this more akin to operations they themselves conduct against geopolitical adversaries.

“While Volt Typhoon crosses a red line by threatening public safety and infrastructure, Salt Typhoon is considered part of the espionage norm in international relations,” experts suggest.

Escalating Cyber Tensions Between the U.S. and China

The Geneva summit occurred against a backdrop of growing cyber hostilities between the two nations. In recent years, both Washington and Beijing have been more vocal and public in their accusations of state-sponsored hacking.

  • The U.S. has accused China of launching attacks against private corporations, public agencies, and critical infrastructure.

  • China, in turn, has pointed to U.S. programs like PRISM and activities conducted by NSA-affiliated groups as evidence of American cyber intrusion efforts.

This tit-for-tat rhetoric has been accompanied by covert cyber operations, growing the digital front in the geopolitical rivalry between the two superpowers.

Implications and National Security Concerns

The acknowledgment of Volt Typhoon—however indirect—has significant implications for U.S. cybersecurity strategy. It validates prior intelligence assessments and underlines the need for:

  • Enhanced network monitoring and intrusion detection

  • Zero-trust architecture adoption across public and private sectors

  • Strengthened public-private collaboration for infrastructure defense

  • Diplomatic efforts to establish cyber norms and deterrence mechanisms

“Cyber operations like Volt Typhoon are not just espionage—they are groundwork for potential physical disruption in times of crisis,” warned national security analysts.

Conclusion

The behind-the-scenes recognition of Chinese involvement in the Volt Typhoon attacks signals a dangerous evolution in cyber conflict. These operations, which go beyond data theft and into the realm of infrastructure compromise, raise critical questions about digital sovereignty, deterrence, and the rules of engagement in cyberspace.

As geopolitical tensions around Taiwan and other flashpoints persist, cyberattacks will likely remain a key tool for statecraft—making cybersecurity readiness more vital than ever.