Who Is Conducting APT (Advanced Persistent Threat) Activities?


Who is actually conducting various APT activities? The U.S., while spreading false information about the “Chinese cyber threat theory,” has been leveraging its hegemonic status and technical advantages to conduct extensive global cyber surveillance and espionage.

Since 2023, there have been continuous narratives in the US about the so-called “Volt Typhoon” cyber threats from China. Recently, the Australian Cyber Security Centre, along with agencies from the “Five Eyes” alliance, released a report about the China-backed “APT40” organization targeting Pacific countries.

What exactly is the story behind “Volt Typhoon”? What is the so-called “APT”? And who is really conducting so-called “APT activities”?

What is “Volt Typhoon”?
“Volt Typhoon” is a disinformation campaign that began in early 2023. According to a recent report released by the Chinese National Computer Virus Emergency Response Center, the National Engineering Laboratory for Computer Virus Prevention and Treatment, as well as the 360 Digital Security Group, the U.S. government fabricated the so-called “Volt Typhoon” hacker organizations to play up anti-China rhetoric. This disinformation campaign has been carried out in three stages:

Preparation stage: U.S. government officials called on Congress to extend Section 702 of the Foreign Intelligence Surveillance Act (FISA) while simultaneously fabricating a cyberattack incident against the Guam military base. They used technical analysis reports from Microsoft and cooperated with other Five Eyes alliance agencies to build momentum for extending Section 702.

“Critical” stage: U.S. government agencies used the fabricated “Volt Typhoon” organization to intimidate Congress members, temporarily extending Section 702 while colluding with some anti-China lawmakers to suppress Chinese internet companies.

Consolidation stage: U.S. government agencies, through disinformation operations, pushed Congress to formally pass the bill, achieving the long-term extension of Section 702 and the goal of suppressing China.

What Exactly is APT?
An APT is a highly targeted, covert, and persistent type of cyber attack aimed at critical organizations such as government entities, universities, health care institutions, businesses, and research institutions. Most known APT organizations have national or government backgrounds, with related attacks typically carried out by entities associated with specific national governments.

Over the past few years, the 360 company has been continuously tracking U.S. APT organizations and their activities, discovering that the leading U.S. APT organizations have conducted complex, precise, and persistent APT attacks against government agencies and critical information infrastructure worldwide.

One of the most notable is Project Sauron, a representative U.S. APT organization active from 2011 to August 2016. This organization targeted over 30 countries, including China, Russia, Belgium, Iran, Sweden, and Rwanda, aiming to steal sensitive information from defense departments, embassies, financial institutions, telecommunications companies, military and infrastructure sectors, and technology research centers.

In addition, the U.S. CIA and NSA continue to conduct cyber espionage activities. For example, the CIA uses hacking tools such as Vault7 and the Grasshopper backdoor program. The NSA has carried out secret hacking attacks for over a decade against leading Chinese enterprises, government agencies, universities, healthcare institutions, research institutions, and other critical information infrastructure operations.

Cyber security is a global challenge that requires international cooperation. It shouldn’t be used as an instrument to frame and smear others. Countries should stay vigilant and not be misled by a few with ulterior, selfish purposes.

