Volt Typhoon
Essential information
- Confidence
- 100/100
- Published
- 16/12/2025 19:39
- Modified
- 04/05/2026 16:33
- Updated at
- 04/05/2026 16:33
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Resource level
- —
- Primary motivation
- —
- Related entities
- 1 reports, 113 attack patterns (mitre), 3 malware, 12 sectors, 4 countries, 71 indicators, 3 vulnerabilities (cve), 16 tool, 2 campaign
Aliases
BRONZE SILHOUETTE Vanguard Panda DEV-0391 UNC3236 Voltzite Insidious Taurus
Description
[Volt Typhoon](https://attack.mitre.org/groups/G1017) is a People's Republic of China (PRC) state-sponsored actor that has been active since at least 2021 primarily targeting critical infrastructure organizations in the US and its territories including Guam. [Volt Typhoon](https://attack.mitre.org/groups/G1017)'s targeting and pattern of behavior have been assessed as pre-positioning to enable lateral movement to operational technology (OT) assets for potential destructive or disruptive attacks. [Volt Typhoon](https://attack.mitre.org/groups/G1017) has emphasized stealth in operations using web shells, living-off-the-land (LOTL) binaries, hands on keyboard activities, and stolen credentials.(Citation: CISA AA24-038A PRC Critical Infrastructure February 2024)(Citation: Microsoft Volt Typhoon May 2023)(Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023)(Citation: Secureworks BRONZE SILHOUETTE May 2023)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
- Secureworks BRONZE SILHOUETTE May 2023
- Cloudflare 2026 Threat Report New Threat Actors March 2026
- mitre-attack (G1017)
- Microsoft Volt Typhoon May 2023
- Secureworks BRONZE SILHOUETTE May 2023
- DOJ KVBotnet 2024
- Dragos 2025 Year in Review
- CISA AA24-038A PRC Critical Infrastructure February 2024
- Joint Cybersecurity Advisory Volt Typhoon June 2023