China denies claims by the U.S. government and Microsoft that the Chinese government is behind the hacker group 'Volt Typhoon,' calling it a 'self-made farce.'



In May 2023, Microsoft warned that the Chinese government-backed hacker group 'Volt Typhoon' was targeting US critical infrastructure, and in February 2024, the US government also reported the results of its investigation into Volt Typhoon. In response, the China National Computer Virus Emergency Response Center (CVERC) released a report (PDF file) on October 14 local time, denying the claims of the US government and Microsoft regarding Volt Typhoon and calling it a 'self-made farce.'

Volt Typhoon: Chinese Cyber Agency Rejects US Hacking Claims in New Report - Bloomberg
https://www.bloomberg.com/news/articles/2024-10-15/chinese-cyber-agency-rejects-us-hacking-claims-in-new-report



China again claims Volt Typhoon was invented by the US • The Register
https://www.theregister.com/2024/10/15/china_volt_typhoon_false_flag/

According to a May 2023 report by Microsoft, Volt Typhoon is a hacker group that began its activities in mid-2021 and is attacking a wide range of critical American infrastructure, including government organizations, communications, transportation, construction, and manufacturing. Volt Typhoon is said to have been using vulnerabilities in FortiGuard, a security service provided by Fortinet, to infiltrate systems, steal user credentials via the command line, and infiltrate other systems.

Microsoft warns that Chinese government hacker group 'Volt Typhoon' is targeting critical infrastructure with espionage activities - GIGAZINE



In February 2024, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) jointly reported that Volt Typhoon had maintained access to U.S. critical infrastructure for at least five years.

'Factually, we have observed indications that Volt Typhoon has maintained access or a foothold within a target's IT environment for at least five years. Volt Typhoon conducts extensive pre-emptive reconnaissance to learn about the target organization and its structure, tailors its tactics, techniques, and procedures (TTPs) to the target's environment, and commits resources over time to maintain persistence,' U.S. officials said in the report.

It turns out that the Chinese government hacker group 'Volt Typhoon' has been hiding in major US infrastructure for more than five years, raising tensions over Taiwan invasion - GIGAZINE



Additionally, in August, it was reported that Volt Typhoon was exploiting a zero-day vulnerability in the network operations service Versa Director.

Chinese government hacker group 'Volt Typhoon' is using vulnerabilities in the network operation service 'Versa Director' to launch zero-day attacks against American targets - GIGAZINE



China's CVERC countered the claims surrounding Volt Typhoon in a report published on October 14th titled 'Volt Typhoon III: A look into the cyber espionage and disinformation campaigns conducted by US government agencies.' This is the third report CVERC has released on Volt Typhoon.

In its report, CVERC argues that the US government is fabricating the threat of Chinese cyber attacks for political and economic gain, calling Volt Typhoon a 'farce orchestrated by the US federal government.'

CVERC also wrote that 'more than 50 cybersecurity experts from the United States, Europe, Asia and other countries and regions have contacted the Center through various means and stated that there is a lack of compelling evidence that the United States and Microsoft have linked the Volt Typhoon to the Chinese government.' However, the identities of these experts have not been disclosed.



In its report, CVERC claims that U.S. authorities have deployed 'cyber armies' around rival countries to conduct reconnaissance and penetration tests on attack targets. It also accuses U.S. intelligence agencies of using a toolkit called 'Marble,' reported by WikiLeaks in 2017, not only to hide cyber attacks but also to insert strings of Chinese, Russian, Korean, Persian, Arabic, and other characters to frame countries such as China.

'Chinese government officials have long refuted the hacking allegations, often accusing the US of conducting its own cyber operations without providing any evidence,' Bloomberg reported.

in Security, Posted by log1h_ik