If you were to ask ten thousand Americans what the defining threat of their generation was, precious few if any would respond with ‘Volt Typhoon.’ But that’s exactly what FBI Director Christopher Wray told a committee hearing in 2024.
The FBI director was referring to a China state-backed advanced persistent threat (APT) that had recently been discovered lurking in the networks of critical infrastructure providers in the United States. The group, codenamed ‘Volt Typhoon’ by Microsoft upon its discovery, represents just one head of the hydra of state-backed hostile cyber actors, whose rosters, methods, and degree of state support can only be inferred from the targets they select and the cyber tools they employ. ‘Volt’ is joined by other campaigns, notably ‘Salt Typhoon,’ which recently carried out the ‘worst telecom hack in US history,’ gaining access to call records and actual conversations across nine major telecom networks. This article examines how the threat of China state-backed cyber espionage continues to evolve, as illustrated by the four ‘typhoon’ campaigns: Flax, Brass, Volt, and Salt.
