
US: Chinese Hackers Have Been Inside Some Critical Networks for 5 Years

The US urges companies and organizations to help root out the Chinese hacking group 'Volt Typhoon' from critical infrastructure systems.

By Michael Kan, Principal Reporter


A Chinese state-sponsored hacking group has been successfully infiltrating critical infrastructure systems in the US and, in some cases, maintaining access for more than five years, according to federal investigators.

Called “Volt Typhoon,” the hackers have been targeting the communications, energy, transportation, and wastewater sectors with the goal of unleashing chaos if China were ever to confront the US during a major crisis or conflict. 

“The US authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations,” federal agencies said today.

To warn the public about the hacking threat, the FBI, NSA, and Cybersecurity and Infrastructure Security Agency (CISA) issued a 45-page report outlining the group’s tactics. The agencies hope this will help push the US to root out Volt Typhoon from its critical infrastructure systems. 

“We are at a critical juncture for our national security,” says CISA Director Jen Easterly. “We strongly encourage all critical infrastructure organizations to review and implement the actions in these advisories and report any suspected Volt Typhoon or living off the land activity to CISA or FBI.”

Volt Typhoon grabbed headlines last week after the FBI said it had dismantled a botnet the Chinese hacking group was using to mask their activities in the US. Wednesday’s report adds that “some victims are smaller organizations with limited cybersecurity capabilities that provide critical services to larger organizations or key geographic locations.”

[Figure: Volt Typhoon modus operandi (Credit: CISA)]

The group has been able to hide for so long inside US networks by relying less on malware and more on “living off the land” tactics, which involve harnessing legitimate software tools or hijacking valid accounts inside a company to conduct the infiltration. The group also times its infiltration attempts carefully to avoid tipping off security measures.

“For example, in some instances, Volt Typhoon actors may have abstained from using compromised credentials outside of normal working hours to avoid triggering security alerts on abnormal account activities,” the report noted. 

Oftentimes, Volt Typhoon’s primary goal is to gain access to powerful admin accounts inside a network. Once access is achieved, the hackers will exhibit little activity. “This assessment is supported by observed patterns where Volt Typhoon methodically re-targets the same organizations over extended periods, often spanning several years, to continuously validate and potentially enhance their unauthorized accesses,” the report said. 

As an example, investigators spotted Volt Typhoon repeatedly stealing the domain credentials from one victim network over a four-year time span, likely to ensure they could maintain access. “In one confirmed compromise, an industry partner observed Volt Typhoon actors dumping credentials at regular intervals,” the report added.
