Cyber Resilience

Threat actor · all actors

Volt TyphoonG1017 state

🇨🇳 CN · PLA

aka Volt Typhoon, BRONZE SILHOUETTE, Vanguard Panda, DEV-0391, UNC3236, Voltzite, Insidious Taurus, DazedToad

Last updated: 2026-07-03

4attributed CVEs
98ATT&CK techniques
15.6IDF score (tooling uniqueness)
3exclusive CVEs
2025–2026years active

About this actor

[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021, primarily targeting critical infrastructure organizations in the US and its territories including Guam. [Volt Typhoon](https://attack.mitre.org/groups/G1017)'s targeting and pattern of behavior have been assessed as pre-positioning to enable lateral movement to operational technology (OT) assets for potential destructive or disruptive attacks. [Volt Typhoon](https://attack.mitre.org/groups/G1017) has emphasized stealth in operations using web shells, living-off-the-land (LOTL) binaries, hands on keyboard activities, and stolen credentials.(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024)(Citation: Microsoft Volt Typhoon May 2023)(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)(Citation: Secureworks BRONZE SILHOUETTE May 2023). The group has leveraged compromised SOHO routers to proxy command and control traffic and obscure its infrastructure, activity associated with the KV botnet.(Citation: DOJ KVBotnet 2024). Reporting indicates a separate initial access cluster, SYLVANITE, has been observed exploiting internet-facing edge devices and transferring access to [Volt Typhoon](https://attack.mitre.org/groups/G1017), also tracked as VOLTZITE, for follow-on operations. (Citation: Dragos 2025 Year in Review)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2025-64119 7.09.30.00362026-01-02see CVE
CVE-2025-0283 6.07.00.49552025-01-08see CVE
CVE-2025-7746 3.55.30.00402025-09-09see CVE
CVE-2026-22813 3.56.10.00912026-01-12see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-443 / 9844%
CM-638 / 9839%
CM-233 / 9834%
AC-331 / 9832%
SI-330 / 9831%
AC-629 / 9830%
CM-729 / 9830%
AC-228 / 9829%
CA-725 / 9826%
SI-723 / 9823%
AC-519 / 9819%
SC-719 / 9819%
AC-417 / 9817%
IA-217 / 9817%
RA-517 / 9817%

Co-occurring actors

Similar actors

Similar TTPs

Overlapping CVEs

Same nation-state