Volt Typhoon: Critical Infrastructure an ongoing cyber target

23 June 2023

ARPC has posted an update on the Volt Typhoon cyber attack. This shows the scale and sophistication of evolving cyber threats, including the potential for cyber terrorism, to critical infrastructure and property assets. The threat, according to cyber experts, is often misunderstood and under-estimated.

Ransomware attacks have taken centre stage in media coverage of large-scale cyber-attacks. Microsoft's recent discovery of cyber-attacks on critical infrastructure linked to the hostile cyber actor Volt Typhoon is a reminder that, while ransomware is prolific, other cyber-attacks on critical infrastructure also remain a concern.

A recent joint cyber security advisory issued by key international cybersecurity agencies on Volt Typhoon’s alleged cyber-attack on critical infrastructure in the Pacific is a reminder that critical infrastructure is a key target of hostile cyber actors.

Microsoft states that Volt Typhoon is a state-sponsored actor that typically focuses on cyber disruption and information gathering. Microsoft assessed with moderate confidence that Volt Typhoon is seeking to develop capabilities that could disrupt communications infrastructure in the Pacific. Other experts have joined Microsoft in evaluating that Volt Typhoon is a particularly stealthy operator and that its intelligence gathering could shift to digital sabotage.

Microsoft claims that Volt Typhoon has been active since mid-2021 and has targeted critical infrastructure organisations. In this campaign, the affected organisations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. The observed behaviour suggests the threat actor intends to perform intelligence gathering and retain access without detection for as long as possible. Cyber security analysts say threats posed by emerging hostile cyber actors are often misunderstood and under-estimated. These actors covertly install ‘sleeper software’, enabling them to execute future attacks on targets of strategic importance such as military installations, power grids, communication systems, hospitals, and industrial plants.

In March this year, the NATO-EU Task Force on Resilience of Critical Infrastructure was launched, reinforcing the trend on the geopolitical stage that critical infrastructure is of renewed strategic importance.

Microsoft says it is choosing to highlight the current activity from Volt Typhoon because of significant concerns about the potential impact on several industries. The joint security advisory on this alert shows the seriousness of the impacts this may have on critical infrastructure.

Sources

  1. Joint Cyber Security Advisory: CSA_Living_off_the_Land.PDF (defense.gov) (last accessed 22 June 2023)
  2. Microsoft Intelligence Blog: Volt Typhoon targets US critical infrastructure with living-off-the-land techniques, Microsoft Security Blog (last accessed 22 June 2023)
  3. SC Magazine: The Volt Typhoon wake-up call, SC Media (scmagazine.com) (last accessed 22 June 2023)

Author: Amanda Tsioutis, Manager Thought Leadership
Contributor: Sachin Nadgauda, Head of IT
