Illustration: Liu Rui/GT

China's three reports on Volt Typhoon revealed the truth behind the systematic cyberattack activities of the US and demonstrated that such operations of the US are detectable, experts said.

China's National Computer Virus Emergency Response Center (CVERC) on Monday released its latest report on Volt Typhoon, a hacker team Five Eyes nations and Microsoft have accused China of being involved without any concrete evidence.

The Monday report is the third report on Volt Typhoon released by Chinese side. It further disclosed the cyber espionage operations targeting China, Germany and other countries which were launched by the US and other Five Eyes countries.

Although the US government and Microsoft have not yet responded to it, the report has garnered significant attention in the US cybersecurity field. US analysis website OODA published the main content of the Chinese report on Wednesday and accused China of lacking "concrete evidence" in it.

The article was written by a senior strategic intelligence analyst who provides support to US government civil and military intelligence organizations as well as the private sector. It focuses on the three Volt Typhoon reports released since April.

The three reports released by China not only challenge the US false narrative of China's involvement in the Volt Typhoon issue, but also suggest that the US is engaged in a disinformation campaign to place China at a disadvantage in the international community. The latest report relies on classified information exposed by Snowden and WikiLeaks, providing indirect evidence that the real perpetrator behind Volt Typhoon is the US rather than China. Despite being based on indirect evidence, the report presents a compelling hypothesis.

Li Baisong, director of the technical committee of Antiy Technology Group, told the Global Times that US cyberattack activities are long-term and systematic, posing significant challenges for countermeasures.

In particular, the US has taken advantage of its upstream position in the industrial chain to create a significant asymmetrical advantage against other countries. For example, the asymmetrical advantages resulted from selective openness and the specific range sharing of serious vulnerabilities like EternalBlue and Ghost may have created a six-month exclusive operational window for US intelligence agencies; additionally, Microsoft's advance release of patch files to the US Air Force a month ahead also provided an operational window. These are all part of the US intelligence agencies' NOBUS (Nobody But US) strategy to exploit vulnerabilities to aid in its own spying efforts, according to Li.

Du Zhenhua, a senior engineer at the CVERC, noted that US attacks are systematic operations involving organization, personnel, equipment systems, and operational procedures, with anti-tracking and concealment running throughout the entire system.

In order to have countermeasures, there is a need for comprehensive, objective, and rigorous analysis of issues and gaps, with heightened vigilance regarding the upstream advantages and information asymmetries that the US possesses at the standards, industrial chain, and supply chain levels, Du noted.

Despite the upstream advantages and preemptive activities, in most scenarios, the actual attack process still relies on the implantation, deployment, operation, and continuous control of Trojan executors. As long as solid security capability construction is carried out, fully leveraging the defensive side's environmental shaping advantages, and strengthening capabilities such as capture, analysis, and hunting, it is possible to capture, analyze and defend against US attacks, Du said.