In a rare and unsettling moment for cybersecurity leaders, China has indirectly acknowledged it was behind the Volt Typhoon cyberattacks targeting U.S. critical infrastructure.

This came out during a closed-door meeting between Chinese and American officials at a Geneva summit in December 2024, according to a new report from The Wall Street Journal.

If you’re responsible for protecting business operations, this development isn’t just international drama—it’s a clear signal that critical infrastructure and enterprise systems are firmly in the crosshairs of advanced threat actors.

Here’s the core of the situation:

• Chinese officials made ambiguous but telling remarks that American officials interpreted as an admission that Volt Typhoon was retaliation for U.S. support of Taiwan.
• Volt Typhoon used zero-day vulnerabilities and highly sophisticated techniques.
• Targets included communications, manufacturing, utilities, construction, government, IT, maritime, transportation, and energy sectors.
• Notably, attackers managed to stay inside parts of the U.S. electric grid for 300 days during 2023 without being detected.

The goal, according to U.S. officials, wasn’t immediate destruction—it was to create access points for future disruption if political tensions escalate.

Another campaign called Salt Typhoon also came up during the meeting. This attack compromised telecom firms and communications of senior U.S. officials.

However, U.S. officials view Salt Typhoon as standard espionage—the kind of activity both sides quietly expect. Volt Typhoon, on the other hand, is seen as a provocation aimed at potentially crippling infrastructure during a conflict.