On October 14, Xinhua News Agency reported that various Chinese institutions, including the National Computer Virus Emergency Response Center, have released detailed reports exposing the U.S. government’s indiscriminate surveillance of global telecommunications and internet users. These revelations highlight how U.S. government agencies have engineered fictitious narratives surrounding Chinese cyber threats, all while serving the interests of certain political and economic groups.

Recently, these institutions released additional reports that further disclose the U.S. federal government’s collaborative espionage activities against China and other nations. Using covert tools designed to mislead attribution analysis, U.S. intelligence agencies carry out “false flag” operations, attempting to mask their own malicious cyber activities while blaming other countries. The “Typhoon” operation has been characterized as a carefully orchestrated political farce driven by U.S. government interests.

The Chameleonic Nature of Cyber Operations

Earlier this year, the National Computer Virus Emergency Response Center disclosed various cyber weapons developed by the National Security Agency (NSA) and the Central Intelligence Agency (CIA). These analyses showcase the features and stealth tactics employed by U.S. intelligence in foreign cyber attacks, revealing only a fraction of the vast arsenal they possess.

For years, the U.S. has actively pursued a “preemptive defense” strategy, deploying cyber warfare units near rival nations to conduct reconnaissance and infiltrate online targets. To facilitate this strategy, U.S. intelligence agencies developed a covert “toolkit” called “Marble,” which allows them to obfuscate their malicious cyber actions and mislead attribution efforts. This framework helps developers camouflage identifiable characteristics within the code, effectively erasing their digital fingerprints and making it impossible for investigative bodies to trace the true origins of cyber weapons.

Moreover, “Marble” can embed strings in various languages, including Chinese, Russian, Korean, Persian, and Arabic, further misleading investigators and framing countries such as China, Russia, North Korea, Iran, and several Arab nations as aggressors. This toolkit exemplifies the indiscriminate espionage activities conducted by U.S. intelligence agencies globally, implementing “false flag” operations to misdirect researchers and frame “rival nations.”

The Actions of the “Peeping Tom” in Cyberspace

Documentation from the NSA reveals that the U.S. maintains a significant technical and geographical advantage, allowing it to dominate critical transatlantic and transpacific undersea internet cables. The establishment of seven national-level traffic monitoring stations in collaboration with the FBI and the United Kingdom’s National Cyber Security Centre facilitates wholesale data interception, enabling widespread surveillance of global internet users.

The beneficiaries of this data surveillance extend beyond intelligence and military organs; they include numerous federal administrative bodies, among them the White House, cabinet officials, and departments such as Commerce, State, Treasury, and others. The “Typhoon” operation thus involves not only intelligence agencies but a broader network of U.S. government bodies driven by shared interests.

This intelligence-gathering inevitably yields vast amounts of readable and retrievable data. To manage it, the NSA has implemented two pivotal projects: the “UpStream” project, which archives raw communication data from intercepted undersea cables; and the “Prism” project, which classifies and analyzes this data while also requiring U.S. tech companies to provide user information directly from their servers.

NSA documents indicate that the agency’s Tailored Access Operations team conducts widespread and clandestine cyber intrusions, deploying over 50,000 spy programs targeting regions like Asia, Eastern Europe, Africa, the Middle East, and South America. Notably, major Chinese cities appear to be within the scope of these covert operations, with many command-and-control centers located in bases outside the U.S.

Unusual Events Indicate Deeper Issues

Following the release of the second report on the “Typhoon” investigation, American officials and their mainstream media remained largely silent. However, some former and current U.S. government officials, as well as cybersecurity firms, voiced skepticism about the investigation’s findings through social media and independent news outlets, expressing concern that the reports misrepresented their research.

One company’s sudden retraction raises eyebrows. It claimed that errors in its previous assessment led it to amend its findings related to the “Typhoon” report. This cursory explanation has generated further doubt, suggesting that the alterations were made under external pressure.

Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, stated at the BlackHat conference that the so-called “Typhoon” group remains active with no signs of halting, yet offered no solid evidence to substantiate claims of support from the Chinese government.

For years, U.S. government agencies have politicized cyber attack attributions for their own gain. Companies like Microsoft and CrowdStrike, aiming to align with U.S. political interests, have embraced sensational names for hacker groups—resembling geopolitical stereotypes—such as “Typhoon,” “Panda,” and “Dragon,” without rigorous evidence backing their claims.

China firmly opposes the politicization of technical investigations into cybersecurity incidents, objecting to attributing cyber attacks to geopolitical motives. In contrast, U.S. agencies seem undeterred in fabricating non-existent cyber threats, seeking to extract substantial budget allocations from Congress. In the end, this recklessness may backfire, leading to a significant reckoning as informed scrutiny turns towards those crafting these deceptive narratives.