Volt Typhoon US critical-infrastructure pre-positioning (VOLT-TYPHOON-2024)
Espionage intrusion · disclosed 2024-02-07 · region: US · primary attribution: Volt Typhoon
Earliest known compromise: 2021-06-01
Sectors touched: Utilities · Electric Power Generation, Transmission & Distribution · Pipeline Transportation · Telecommunications
PRC PLA-attributed living-off-the-land intrusion into US critical infrastructure (water utilities, energy sector, transportation, ports, comms). CISA AA24-038A: pre-positioning for "disruptive or destructive cyberattacks against US critical infrastructure in the event of a major crisis or conflict". First time CISA formally framed pre-positioning as strategic-level threat.
Named victims
No individual victims named — this incident affected many orgs (see source advisories below for the full list where applicable).
Linked sources
This canonical entry pulls together coverage from the other data layers — curated narrative above; raw sources below.