Status of our main battlefield in the current cyber war.

Last year, in a rare moment of apparent good news, the US government announced that it had successfully dealt with Volt Typhoon. As it turns out, declaring victory is not the same thing as actual victory, and unfortunately the head-in-sand strategy encourages the private sector to just ignore the threat.

Volt Typhoon is the Chinese hacker group prepositioning itself in American critical infrastructure, likely for sabotage in the event of a military confrontation involving Taiwan. That's a serious concern, but for a brief moment the US appeared to have secured a cyber win. Speaking at the International Conference on Cyber Security in July last year, Kristina Walter, director of the NSA’s Cybersecurity Collaboration Center, said Volt Typhoon's effort had "really failed". Speaking at the same event, the FBI's assistant director for cyber Brett Leatherman said "we equipped the entire private sector and US government to hunt for them and detect them".

This week however, operational technology cyber security firm Dragos released its 2026 Year in Review report, which warned the group is still active and continues to attack US utility firms. Dragos CEO, Rob Lee, told The Record, "they're still absolutely mapping out and getting into [and] embedding in US infrastructure, as well as across our allies".

The report also described the rise of a new group it calls Sylvanite that carries out "large-scale initial access operations" which it then hands off to other groups including Volt Typhoon. Dragos has seen the group targeting the electricity, water and oil and gas sectors in multiple regions including North America, Europe, the United Kingdom and Guam.

Colour us totally unsurprised.

State-backed hackers don't compromise US critical infrastructure on a whim. It's part of a broader plan to achieve state goals. Unless that overall strategy changes, a hacking campaign doesn't disappear, it evolves.
Granted, the US has scored some significant wins against Volt Typhoon, such as disrupting the KV botnet the group was using in 2024. But China's broader strategic calculus remains. Military action around Taiwan is still on the cards and, for Beijing, dedicating time and effort to be able to meddle with US critical infrastructure remains a good investment.

One problem for the US government is that a lot of critical infrastructure is privately owned. Without the regulatory tools to order operators to take action against Volt Typhoon, the government can only encourage them to act. So prematurely declaring victory is pretty counterproductive. Why would a private sector operator spend time and resources looking for and countering Volt Typhoon when the government says its campaign is a bust?

The US has conducted operations that have significantly impacted Volt Typhoon and we expect that there will be more. That's good, but on its own it's not enough. There needs to be private sector cooperation. The ostrich strategy of pretending the threat simply does not exist isn't the way to get it.

Riskybiz

We will never run out of cyber security incidents to sell recovery to... And conscious clients buying real protection from us.