Why no business is safe from state-sponsored cyber attacks

The threat landscape is evolving at an alarming rate, and business leaders who may have previously believed that nation-state attacks are a problem for governments alone are increasingly mistaken. The latest revelations surrounding China’s Volt Typhoon and Salt Typhoon campaigns should serve as a wake-up call to executives worldwide. These are not theoretical threats—they are calculated, long-term infiltrations into critical infrastructure, and no company or country is off-limits.

While the bulk of the activity surrounding these operations has focused on the United States, the underlying objective is clear: establish persistent access to key systems that, when needed, can be exploited for geopolitical leverage. In other words, these attacks are not just about stealing secrets—they are about preparing to disrupt entire industries and nations when it is strategically advantageous to do so. And the UK, along with Europe and other Five Eyes nations, is likely on that target list.

If your business operates in energy, telecommunications, transport, water, or government-adjacent industries, you’re already in the crosshairs. Volt Typhoon, a Chinese-backed cyber operation, has been caught burrowing into critical infrastructure with the goal of establishing long-term footholds that can be used for future sabotage. Meanwhile, Salt Typhoon has been focused on telecommunications—an industry with a truly global footprint and an essential enabler for economic and national security.

No organization is safe

The interconnected nature of global business means that no organization is safe. The very corporations targeted in the US—large multinational firms with operations across the UK, Europe, and beyond—are the same ones supporting infrastructure elsewhere. China has every reason to expand these attacks to Five Eyes allies like the UK, given its vested interest in disrupting intelligence-sharing and counter-espionage efforts.

There is precedent for this expansion. We’ve already seen similar tactics in Flax Typhoon, which targeted Taiwan, and given China’s long-term cyber strategy, it is reasonable to assume that European and UK-based entities are already on the list for similar intrusions. The question isn’t if these attacks will scale globally—it’s whether businesses will be prepared when they do.

State-sponsored cyber actors typically don’t launch ransomware attacks for quick payouts. Their goals are much more insidious: access, persistence, and control. China’s cyber teams are laser-focused on industries where disruptions would have the most significant impact—energy, water, communications, transportation, and education.

These sectors are not just economic pillars; they are also key to national security and societal stability. Imagine the chaos that could ensue if a foreign adversary had the ability to disrupt power grids, water supplies, or telecom networks at will, such as SektorCert in the EU.

Action required at board level

Yet many businesses in these sectors are still not treating cybersecurity as a board-level issue. Too often, security is seen as an IT problem rather than a core risk. If a company has any role in critical infrastructure—even as a supplier to larger entities—it should already be treating cyber resilience as a priority, because ignoring it is an open invitation for adversarial control.

There has been speculation about AI-powered cyber threats, but here’s the reality: Volt and Salt Typhoon are not using cutting-edge AI to develop novel exploits. Instead, they are deploying well-worn tactics—leveraging known vulnerabilities and methodically working through their targets with a level of discipline that outpaces many corporate defenses.

However, China, like everyone else, is integrating AI into its cyber operations. It may not be leading the charge in AI-powered hacking just yet, but automation, summarization, and workflow efficiency tools are already being employed to accelerate and scale cyber operations.

This means that while companies may not yet be facing AI-generated, self-evolving malware, they are still dealing with adversaries who can analyze, target, and exploit weaknesses faster than ever before. The key takeaway is that businesses cannot afford to move at yesterday’s speed when their attackers are already operating at tomorrow’s pace.

Traditional security solutions aren’t enough

What makes the Volt and Salt Typhoon campaigns even more threatening is that traditional security solutions—firewalls, endpoint protection, intrusion detection—simply aren’t sufficient.

In fact, one of the biggest weaknesses that attackers like Volt and Salt Typhoon exploit is a lack of network visibility. Businesses often invest in endpoint protection and firewalls, yet many industrial control systems (ICS), IoT devices, and network appliances—the exact infrastructure being targeted—do not support traditional security tools. This creates a massive blind spot, allowing state-sponsored actors to infiltrate, persist, and move laterally undetected.

Without deep, real-time network monitoring, organizations have no way of detecting unusual patterns of behavior, unauthorized communications, or stealthy command-and-control (C2) traffic that signal a compromise. Volt Typhoon, for example, has been known to use “living off the land” techniques, blending in with normal system activity to evade detection. The only way to uncover these threats is through continuous monitoring, anomaly detection, and threat intelligence integration—traditional perimeter security simply isn’t enough.

Resilience is essential

Boardrooms globally must recognize that resilience against state-backed cyber threats is as essential as financial stability. Businesses must adopt an assumption-of-breach mindset, recognizing that their systems may already be compromised, and focus on threat hunting and proactive monitoring. Supply chains have to be secured, as many breaches occur through third-party vendors, making every link in the supply chain a potential vulnerability.

Companies that operate in or support critical industries must prioritize robust cyber defenses now, rather than reacting once an attack occurs. Aligning with national security efforts and intelligence-sharing initiatives is critical, as collaboration with government cybersecurity bodies can provide crucial insights and defenses. Training and testing must be continuous, with regular cybersecurity education for employees and rigorous red-teaming exercises to stay ahead of emerging threats.

We are just beginning to understand the full extent of the Salt Typhoon campaign and the vulnerabilities it has exposed. This is just one front in an ongoing cyber war where the stakes are national and economic security. The sheer number of connected devices in the average organization today is unmanageable without advanced monitoring, making network detection and defense more critical than ever in identifying and stopping these persistent threats before they escalate into full-scale cyber crises.

This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro