CHINA'S STRATEGIC COMPETITION IN CYBERSPACE. VOLT TYPHOON AND SALT TYPHOON AS A PROJECTION OF POWER, A MORE AGGRESSIVE POSTURE AND A FUTURE BEYOND ESPIONAGE

Authors

  • Dimitar Dimitrov Nikola Vaptsarov Naval Academy, IT Department (BG)
  • Evgeni Andreev Nikola Vaptsarov Naval Academy, IT Department (BG)

DOI:

https://doi.org/10.17770/etr2025vol2.8618

Keywords:

China, Salt Typhoon, Strategic competition, Volt Typhoon

Abstract

China’s strategic competition in cyberspace has evolved beyond traditional espionage, adopting a more aggressive posture that integrates cyber sabotage as a critical tool of statecraft. This paper examines the activities of the state-sponsored hacking groups Volt Typhoon and Salt Typhoon, highlighting its transition from intelligence gathering to disruptive cyber operations against critical infrastructure. By leveraging Living off the Land Binaries (LOLBins) and exploiting vulnerabilities in SOHO network devices, Volt Typhoon has demonstrated an ability to maintain persistent access while evading detection. The group’s infiltration of U.S. military networks in Guam is analysed as a case study reflecting Beijing’s broader strategic ambitions in the Indo-Pacific. The findings suggest that China's cyber doctrine is shifting toward pre-positioning for offensive capabilities, enabling covert battlefield preparation in anticipation of geopolitical escalations. The study underscores the necessity for proactive cybersecurity measures, advanced threat intelligence sharing and international collaboration to counter the emerging threats posed by China's evolving cyber warfare strategy

References

k. he et al., “understanding the dynamics of the indo-pacific: us–china strategic competition, regional actors, and beyond,” international affairs, vol. 96, no. 1, pp. 1–7, 2020. doi: 10.1093/ia/iiz242 DOI: https://doi.org/10.1093/ia/iiz242

m. kolton, “interpreting china’s pursuit of cyber sovereignty and its views on cyber deterrence,” the cyber defense review, vol. 2, no. 1, pp. 119–154, 2017. [online]. available: http://www.jstor.org/stable/26267405. [accessed: feb. 16, 2025].

“forward persistence in great power cyber competition,” dec. 19, 2024. [online]. available: https://cyberdefensereview.army.mil/portals/6/documents/2024-fall/lynch_cdrv9n3-fall-2024.pdf. [accessed: feb. 16, 2025].

“china’s military strategy,” may 27, 2015. [online]. available: https://english.www.gov.cn/archive/white_paper/2015/05/27/content_281475115610833.htm. [accessed: feb. 16, 2025].

“the 2004 chinese defence white paper,” mar. 18, 2005. [online]. available: https://rusi.org/publication/2004-chinese-defence-white-paper. [accessed: feb. 16, 2025].

“swj primer: chinese cyber espionage and information warfare,” apr. 29, 2019. [online]. available: https://archive.smallwarsjournal.com/index.php/jrnl/art/swj-primer-chinese-cyber-espionage-and-information-warfare. [accessed: feb. 18, 2025].

m. n. mirza et al., “conceptualising cyber sovereignty and information security: china’s image of a global cyber order,” webology, vol. 18, no. 5, 2021. [online]. available: https://ssrn.com/abstract=4056104. [accessed: feb. 18, 2025].

r. creemers, “the chinese conception of cybersecurity: a conceptual, institutional, and regulatory genealogy,” journal of contemporary china, vol. 33, no. 146, pp. 173–188, 2023. doi: 10.1080/10670564.2023.2196508 DOI: https://doi.org/10.1080/10670564.2023.2196508

r. creemers, “china’s conception of cyber sovereignty: rhetoric and realization,” in governing cyberspace: behavior, power, and diplomacy, pp. 107–142, 2020. [online]. available: https://ssrn.com/abstract=3532421. [accessed: feb. 18, 2025]. DOI: https://doi.org/10.5040/9798881810733.ch-006

“volt typhoon and the disruption of the u.s. cyber strategy,” mar. 5, 2024. [online]. available: https://www.lawfaremedia.org/article/volt-typhoon-and-the-disruption-of-the-u.s.-cyber-strategy. [accessed: feb. 18, 2025].

“chinese hack pushes up against guardrails intended to manage u.s.-chinese strategic competition,” feb. 6, 2024. [online]. available: https://www.bradley.com/insights/publications/2024/02/chinese-hack-pushes-up-against-guardrails-intended-to-manage-us-chinese-strategic-competition. [accessed: feb. 19, 2025].

] “people's republic of china state-sponsored cyber actor living off the land to evade detection,” may 24, 2023. [online]. available: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a. [accessed: feb. 20, 2025].

“volt typhoon targets us critical infrastructure with living-off-the-land techniques,” may 24, 2023. [online]. available: https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/. [accessed: feb. 20, 2025].

“volt typhoon's future war,” mar. 14, 2024. [online]. available: https://blog.barracuda.com/2024/03/14/volt-typhoon-future-war. [accessed: feb. 20, 2025].

“eroding global stability: the cybersecurity strategies of china, russia, north korea, and iran,” aug. 01, 2024. [online]. available: https://irregularwarfare.org/articles/eroding-global-stability-the-cybersecurity-strategies-of-china-russia-north-korea-and-iran/. [accessed: feb. 20, 2025].

“threat brief: attacks on critical infrastructure attributed to insidious taurus (volt typhoon),” feb. 14, 2024. [online]. available: https://unit42.paloaltonetworks.com/volt-typhoon-threat-brief/. [accessed: feb. 20, 2025].

“the rise of chinese apt campaigns: volt typhoon, salt typhoon, flax typhoon, and velvet ant,” oct. 24, 2024. [online]. available: https://eclypsium.com/blog/the-rise-of-chinese-apt-campaigns-volt-typhoon-salt-typhoon-flax-typhoon-and-velvet-ant/. [accessed: feb. 21, 2025].

“us telecom giants under siege: ‘salt typhoon’ cyber assault linked to china,” oct. 15, 2024. [online]. available: https://cybelangel.com/us-telecom-salt-typhoon-cyber-assault-china/. [accessed: feb. 21, 2025].

“salt typhoon hacks of telecommunications companies and federal response implications,” nov. 15, 2024. [online]. available: https://crsreports.congress.gov/product/pdf/if/if12798. [accessed: feb. 21, 2025].

“governments, telcos ward off china's hacking typhoons,” dec. 11, 2024. [online]. available: https://www.darkreading.com/cyberattacks-data-breaches/governments-telcos-chinas-hacking-typhoons. [accessed: feb. 21, 2025].

“us adds 9th telecom company to list of known salt typhoon targets,” dec. 27, 2024. [online]. available: https://therecord.media/nine-us-companies-hacked-salt-typhoon-china-espionage. [accessed: feb. 23, 2025].

“redmike (salt typhoon) exploits vulnerable cisco devices of global telecommunications providers,” feb. 13, 2025. [online]. available: https://www.recordedfuture.com/research/redmike-salt-typhoon-exploits-vulnerable-devices. [accessed: feb. 23, 2025].

h. t. hung, “exploring china’s cyber sovereignty concept and artificial intelligence governance model: a machine learning approach,” journal of computational social science, vol. 8, no. 24, 2025. doi: 10.1007/s42001-024-00346-8 DOI: https://doi.org/10.1007/s42001-024-00346-8

“weathering the storm: in the midst of a typhoon,” feb. 20, 2025. [online]. available: https://blog.talosintelligence.com/salt-typhoon-analysis/. [accessed: feb. 23, 2025].

Downloads

Published

08.06.2025

Issue

Vol. 2 (2025): Environment. Technology. Resources. Proceedings of the 16th International Scientific and Practical Conference. Volume 2

Section

Information Technologies

License

Copyright (c) 2025 Dimitar Dimitrov, Evgeni Andreev

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
D. Dimitrov and E. Andreev, “CHINA’S STRATEGIC COMPETITION IN CYBERSPACE. VOLT TYPHOON AND SALT TYPHOON AS A PROJECTION OF POWER, A MORE AGGRESSIVE POSTURE AND A FUTURE BEYOND ESPIONAGE”, ETR, vol. 2, pp. 115–122, Jun. 2025, doi: 10.17770/etr2025vol2.8618.