Calling the "Volt Typhoon" hacking organization as a "Chinese State-sponsored" group is a plan orchestrated by the United States government agencies to get more money from the United States Congress and consolidate the US intelligence agencies' cyberinfiltration capabilities, according to a report from China's National Computer Virus Emergency Response Center ( VERC) issued on Monday.

The US government agencies are the "masterminds" behind the "Volt Typhoon" plan, with the intelligence agencies responsible for specific planning and execution. Anti-China US Congress members, various US federal government executive units, and the cybersecurity agencies of the "Five Eyes Alliance" countries participated in it, said the report.

On Jan 31, a US congressional committee held a hearing on the so-called cyberthreat from China, claiming that the "Chinese state-sponsored" hacking organization "Volt Typhoon" launched a series of activities affecting networks across critical US infrastructure sectors.

The allegation originated from a joint advisory by the cybersecurity authorities of the US and its "Five Eyes" allies — the United Kingdom, Australia, Canada, and New Zealand.

On April 15, the VERC issued the first report, which traced the real source of the "Volt Typhoon" organization. Recently, a joint technical team thoroughly analyzed data from all sides and reconstructed the entire scenario of this anti-China smear campaign based on the latest investigation results.

The new report analyzes the reports released by US institutions, the actions taken by US government departments, and the statements made by key US political figures.

It finds contradictions in the so-called evidence and related statements by the US side and identifies three major points of suspicion: the US instructing relevant companies to alter already published reports; inconsistencies between US officials and cybersecurity companies regarding the "Volt Typhoon" attacks; and contradictory actions by the US cybersecurity authorities.

The "Volt Typhoon" plan likely began in early 2023, or possibly earlier, with the aims to secure congressional approval for a larger budget allocation and push for the extension of the US Foreign Intelligence Surveillance Act's "Section 702," which could enhance its intelligence agencies' cyber infiltration capabilities, especially external attacks and deterrence against competitors, as well as internal surveillance and control over the populace, said the report.

The plan can be divided into three phases. From January 2023 to May 2023, they mainly fabricated a "Chinese State-sponsored" hacker organization allegedly attacking US cyberspace. From June 2023 to January 2024, the primary tasks were ensuring the extension of "Section 702" and securing an increased budget for the 2025 fiscal year.

During the second phase period, many US companies hyped the "Volt Typhoon" issue, further fueling the "China threat theory," resulting in the authorization period for "Section 702" being extended to April 19, 2024, far short of their expectations.

From February 2024 to April 2024, US intelligence agencies continued to portray the "Volt Typhoon" organization as a Chinese cybersecurity threat, again utilizing the "Five Eyes Alliance" intelligence cooperation mechanism to create a favorable public opinion atmosphere for the renewal of "Section 702." Ultimately, on April 19, the US Senate passed the Act, allowing US intelligence agencies to keep their power with higher budgets and expanded the scope of surveillance over the next two years.